Resubmissions
Analysis
-
max time kernel
135s -
max time network
136s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
-
submitted
24-05-2024 22:26
General
-
Target
build.exe
-
Size
1.6MB
-
MD5
0f00ec8acd08f26ef6fcb2ff7792119c
-
SHA1
aca89906ae8ed315f7bb5ee5764860a431d04589
-
SHA256
0651c2d33fe45643e1e6c85297fd9a361dec41567daf035f00c8bfa81e12d122
-
SHA512
652db906239ada46dc959085a7c79598bcf8830e1aac8fc52f64ca4d1e5c094ae864ea078e4cac816fc1f4aa71004afdc41230574f1bec8b1d89c97d1983777f
-
SSDEEP
24576:3ei2Q9NXw2/wPOjdGxY2rqkqjVnlqud+/2P+A+ZecdyFoBkkAnexMrdgLmG:3JTq24GjdGSiqkqXfd+/9AqYanieKd9
Malware Config
Signatures
-
Stealerium
An open source info stealer written in C# first seen in May 2022.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Delays execution with timeout.exe 1 IoCs
-
Kills process with taskkill 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 15 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\build.exe1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\build.exeC:\Users\Admin\AppData\Local\Temp\build.exe2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmp760B.tmp.bat3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\chcp.comchcp 650014⤵
-
C:\Windows\SysWOW64\taskkill.exeTaskKill /F /IM 47724⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\timeout.exeTimeout /T 2 /Nobreak4⤵
- Delays execution with timeout.exe
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\tmp760B.tmp.batFilesize
57B
MD5f522e9bea46a0724a916c7203e526276
SHA1c29cfbdb4d291191c52b6933ca2ca70b66066afe
SHA2568a02f5165b6b302d4993a41b3177d9c81d9fbdf6650c266b789aed612afe67a9
SHA512b498cdeafc6f382ef994a49e176a630073ad86d7a4b9eea8763eb6e6eaa58e638c253a6cb63732332355ae2101290fc42beb3dafdfffbdc0d42e748f92c09a15
-
memory/4772-0-0x0000000073F8E000-0x0000000073F8F000-memory.dmpFilesize
4KB
-
memory/4772-1-0x0000000000BE0000-0x0000000000D72000-memory.dmpFilesize
1.6MB
-
memory/4772-2-0x0000000003130000-0x0000000003196000-memory.dmpFilesize
408KB
-
memory/4772-3-0x0000000073F80000-0x000000007466E000-memory.dmpFilesize
6.9MB
-
memory/4772-6-0x0000000005B40000-0x0000000005BD2000-memory.dmpFilesize
584KB
-
memory/4772-7-0x0000000005770000-0x0000000005796000-memory.dmpFilesize
152KB
-
memory/4772-8-0x00000000057A0000-0x00000000057A8000-memory.dmpFilesize
32KB
-
memory/4772-13-0x0000000073F80000-0x000000007466E000-memory.dmpFilesize
6.9MB