Overview

overview

8

Static

static

3

90d11b558f...1f.exe

windows7-x64

8

90d11b558f...1f.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    119s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 13:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    90d11b558f89642d713e417c1dfdda6b905c2b24311f7bd39813b368f7d7bc1f.exe

  • Size

    2.6MB

  • MD5

    f879592064786934b7e7a9c562fd5cde

  • SHA1

    572a32c796846c22ae7c0d8d5d9a75be461b0d30

  • SHA256

    90d11b558f89642d713e417c1dfdda6b905c2b24311f7bd39813b368f7d7bc1f

  • SHA512

    4a8f116b29763fa54df1cf62294efd5ff1a76611656da9bf7a5cac7e5ac794f83156fc8a300e933a827c5217429f396840bd2603b9b2e35a84904a45fa4a3f7c

  • SSDEEP

    24576:+A8vyrepIND/0bfSPdaYrRFo3UR+h+8fEvdDrGnrdEROGHOhBBoKpYC/hRJHOh:+A81IJPvqnEvdDqnroHOPHO

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\90d11b558f89642d713e417c1dfdda6b905c2b24311f7bd39813b368f7d7bc1f.exe
    "C:\Users\Admin\AppData\Local\Temp\90d11b558f89642d713e417c1dfdda6b905c2b24311f7bd39813b368f7d7bc1f.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\Users\Admin\AppData\Local\Temp\90d11b558f89642d713e417c1dfdda6b905c2b24311f7bd39813b368f7d7bc1f.exe
      "C:\Users\Admin\AppData\Local\Temp\90d11b558f89642d713e417c1dfdda6b905c2b24311f7bd39813b368f7d7bc1f.exe" Master
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2432
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2488
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2488 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2484

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1035178f07929823b3e645ffd3cd39d5

    SHA1

    42c312ce28c5caf7b2f947e065f5e6117ac3207f

    SHA256

    4ff7a772dd49a4e4dea8f8456b3d1ac9eea39424b0f0e4fde66e1502901f4e80

    SHA512

    3ba1bc009546af4ef6318288f40791f69ae993cb8fe9b04c78b01aca1fe62523a2b389de0ac5fce3d772516538ebb85cf066175cb824e2880bb431f4fb404252

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e71b8405401e4afd2c23a53f7747f1c2

    SHA1

    a86eec58dbd444cb35c19cc6a86d07bd68e658c4

    SHA256

    ccf186d7f52ee95380e4addc876d0a8f6b0bafa84c502ab5c608964c1e991516

    SHA512

    b6806b8ddb2d27bc1e3097f34289661c47112346c42ce0b3bdaed9c559aa984f12949f09017091b3cc8c3476fdd41691ad6f5100ab6e042c66889cb3ef8c9b7e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    638debb978418a5553122bb007ba0cf5

    SHA1

    9c4ba789056b36d78ad46595f1f64717e151b703

    SHA256

    8991f8f1a85ff293c6be42d48d3d6a20f9ff4fa921b8a9d967666135535d6561

    SHA512

    f6063cd4941f2aaa8c7fd045e4dff34fff9d3bdc8cc2578dc44a6badd03a80d331150ce1fba7f633ccbb952677ed6ffa7f0a22464d4d4c81605712538d308134

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ef6d51d70a972efced5af023c93f0ab4

    SHA1

    34d5a5047e6bceb7949797b0f44d0a6b04d30861

    SHA256

    ac2b41fa5c3193faaace9d2488417e83dc79171144ea97bfc2723e77ab8a801d

    SHA512

    70ca132f06d34de25480ac25d0716980c9c65045418711497605ebc777c7fc5f5be4c8fc3949c6cbb16da6e41c3d47442eab30068559c6d7e9d0279b98ab4122

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dc4e477fc6bd718bbebe0704658a33b5

    SHA1

    892b7933b67d634e8985bed376fbe5b977e24284

    SHA256

    e5a8e18a12e2993a181e68e77a457c685ace43ab30e875947fe437ec8534be3e

    SHA512

    f2d1f492a53034048fa94e08340cadbed2ff87c37e0c2ee29a921082d155b62160d7e49a385d6425a97ccf342e25730079abc4d4c92c9f0f1ed37aa3ba5715c8

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3c1145b663af25967ae6fc872e77a06d

    SHA1

    09afe52e24306530750985b20e6043d4cdf76d6e

    SHA256

    dd05e237e825fb52590f6dfb67de21ad8ee5693bf3fffaff613bb4e51ef968d9

    SHA512

    68d2469e1885553e0523bdc00e237888afef361d52051e18daa93157bc42fbfee7e1ef7a633ef9bec43a708e1038d7651f5da895641c32c0bacb69e7ad7a2cad

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f47f0ac21dd07c3209e036d8be784887

    SHA1

    07c1c8c11c85897579132eea4e6bebebee06c578

    SHA256

    68ec041010381e98fb2de12dcf250f5108d5e589553c6352b7697ff1ef11e996

    SHA512

    7fec4acaabbea60a134a5da9f426c6a1982de84cd5698496f8a0d519a22c2c5689d5f4b7b395ec1b1306ce0f905baa68183e344b2853a57c4580527253e35ebd

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9b1f49ede9e17b0e816a6d4579d7dd6a

    SHA1

    db9b6a6a3b74ba966be0da2f71b3bc2cdfcb9e2f

    SHA256

    52437daa97f9728c657ca08824c038a9f01f50c584fc3925ef592636c3755d2f

    SHA512

    ff96a4bdd7c44bfbdc38be6d92df6fb1953ff550dd593c51942de870b0d6e0b5fd23e6da9698e97838c034abe4603cc4542fb5679c6ba50677c53a5f8e0ae287

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6ee94cecd9649463fb33d7eec35227bf

    SHA1

    9d63cfc9a2fa1a62ba725cf569e430016e040a39

    SHA256

    2de568f0ed969ae7a97539926b8c5578af14daf972adaa973a81b694335fb747

    SHA512

    89581ebecd120830bf95a7bb1b2fd9391ede408c0f5bd1c16f31874ef7d2c6e31fd0ee471617633e298efb817c75524b1cda724e2509308cfe02843c88860edc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0a26e5d2c2c30131f942ce46dea1d4cc

    SHA1

    3c4d4f7ee0fa513f23308d2fd9fd10017823f285

    SHA256

    a85167e9b8b833f35ceaa85102f97117437dabc1339ff860dbea4a1b0cce752d

    SHA512

    78a5921dd35598c4adc315639491c57aa7dd3eaf32db2e4571749998d10b986255fa5590ec7cad7539293152db947cb787dc9397e4d23a71236196f213eff250

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fa2740e8917390b2883b569686c2bdf3

    SHA1

    7146afe5063c870a1ed93bff82b4251dd16b0feb

    SHA256

    c1f6178919202d609d45152361d3df7887af177d622a6e077e61257938faecb1

    SHA512

    bf8c4449a64c240a182b57d012d235ab81c71bef1cf5f3439d9c871af61a142471411549d3a74f732b206f8f3771b74b9aa3183e72619237353718cba5829a61

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    85ec386994d0351c2359b12bb5892111

    SHA1

    2849ea9626dc5c6ec3c4974d4060d51a74fcb3bb

    SHA256

    586ac9585543534487944972616bf16bf6820a92aaec8ac6718fa48cf1752cc0

    SHA512

    c8d82912943827720231b5e5608dbcb773e3aee56bdc84c04b336a3ca526c3ffc65fb0a94413f1a8dafa7d1a59a22aef2b62e6d509e48c2b3dc64a7412f047f0

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2c1ff784c662a31d63e56746dfde0052

    SHA1

    2cf0ff8a72334f70eb77bc7e3082a3a5efdb4d1f

    SHA256

    e76f8dd2950706cbc8ef57641b1909a897144095f9566cf70a2351000ff58e72

    SHA512

    948e9ad4f4dc01117bf3cabc159688c5dd069024e23b2344e3ab1af103606f323ad83529710c9b9b485a94e4dd0bee352a5f87c4f3d29e88330a8a012c852d78

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b18deb08e94fba27219814cec438dfde

    SHA1

    2fc48888841bc760116037bfe672c850b7459e9b

    SHA256

    ead887b97dac29fb3199af4b11d9865244eff5f002102923e5998e88ca2c43b6

    SHA512

    80bf55db6915b865d8b1e9e895bdb0477396f905011ca0a8a6a37071de262e3a5b66010dcccc3a40b9d0257b54587a4bd5790defd487082ff09ef9ef79d9b64c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    de9857fb8423ab2b0c7b51d99ce26d1d

    SHA1

    00e2912ecd7641f94056f43c49280c911d57560f

    SHA256

    b365f877fcef8bc16a56b4a7bfb0aea2df3042cd4f08d28f172e018b5e43bf60

    SHA512

    88a64910642b89ecf219e3083a67a0337ea7b66a054af370eb7f2fe300cce41033273f28d22de5ba2d17d338db301cbb13af62291f72c89b2aa8253dcf7cc828

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4e6ee392c6099a1ebd30c5be0c80f77b

    SHA1

    768150aa20323185277ec7b0333a26e80ccd77f5

    SHA256

    22e6c139d581119f0ffb566064efeebd276d1048b95dfba678b6a3176c3f8ed6

    SHA512

    bc10978bd97e095067b418cd66326aeffecabea15c18ba6b1445cf062c0744c77d21f8e5146e787706306cba22e64b37529637ef7bb82e1967df8d848179c825

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b6500ac0a7c7ad082b939272c4aed368

    SHA1

    3b75ba17c501198c221c1f426b7f3b19afc6dd8c

    SHA256

    e07d7e1e890dc42f1f7c400a3fc25f846c67ca9d710f36bc971d13c34f54c361

    SHA512

    facef75e0ac55e3552925a6f81f6ef828b1d8e46e904c6b271464962799b06b12cf7269ff204c675e62266cfea93076c595b8e32de4827d5bfe9362ff49d780e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9a729f49e14dc8ea23e9cd4ef19107f0

    SHA1

    327f163e426ba4483b948b6f33370f883cfa3dd4

    SHA256

    8a4178afafc335ed36358a5d29999fcaefee018fb2196e90c3f89a671303afb4

    SHA512

    582faca86604c986d1a2ea53b8205bd6fb6aae22701f19ff53ff69efc212ee62819018a90efadb7c4bd710f046ba6083361bf644c387b4ad7a1c126a81361f89

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b7e2f870f5604e712d99df6b0b450b06

    SHA1

    936a6d50e2b26d397646d7a434f79c9f90d50a16

    SHA256

    ca1a07e91a6b5af11750a1066016228d32e3eaaa270862c839a6fd823c4a0cbb

    SHA512

    768feb32d23ec6fd1e725975b3f566aebfa67d6d54d046786c313fbdb3b28212b3200b72b58adca812f1de068b37ed568013548f469722a2b16caa05a178186c

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab2224.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar2275.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit
  • memory/2104-2-0x0000000000400000-0x000000000069F000-memory.dmp
    Filesize

    2.6MB

    Download
  • memory/2104-0-0x0000000000400000-0x000000000069F000-memory.dmp
    Filesize

    2.6MB

    Download
  • memory/2432-5-0x0000000000400000-0x000000000069F000-memory.dmp
    Filesize

    2.6MB

    Download
  • memory/2432-6-0x0000000000400000-0x000000000069F000-memory.dmp
    Filesize

    2.6MB

    Download
  • memory/2432-10-0x0000000000400000-0x000000000069F000-memory.dmp
    Filesize

    2.6MB

    Download