Overview

overview

8

Static

static

7

7f4eaff8a2...0d.exe

windows7-x64

8

7f4eaff8a2...0d.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    117s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    24-05-2024 16:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7f4eaff8a219e74efeb7af786962fcd2d7b1beddf534ae0928b1b344a5ec0d0d.exe

  • Size

    1.3MB

  • MD5

    3ca4167a9198d863f2ec850fa696895b

  • SHA1

    a8c2f27e9bff77a4be4e95ece1e90813d686ac83

  • SHA256

    7f4eaff8a219e74efeb7af786962fcd2d7b1beddf534ae0928b1b344a5ec0d0d

  • SHA512

    185cc1a5ebaac1a51b00b12560a835ac7c0931ba38a2e2eaa6135a23f4a0961cf534989ed38e8690e6ddd65bd70327f159bf401c9d297bc8dc004a50f5fba8e2

  • SSDEEP

    24576:Qak/7Nk4RZArKZu0zoFmDcpii9iGn+66rLfJIgtEqPILWz8oDqE:Qak/VZu+k0WdEacJRIo+E

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f4eaff8a219e74efeb7af786962fcd2d7b1beddf534ae0928b1b344a5ec0d0d.exe
    "C:\Users\Admin\AppData\Local\Temp\7f4eaff8a219e74efeb7af786962fcd2d7b1beddf534ae0928b1b344a5ec0d0d.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Users\Admin\AppData\Local\Temp\7f4eaff8a219e74efeb7af786962fcd2d7b1beddf534ae0928b1b344a5ec0d0d.exe
      "C:\Users\Admin\AppData\Local\Temp\7f4eaff8a219e74efeb7af786962fcd2d7b1beddf534ae0928b1b344a5ec0d0d.exe" Master
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2392
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2696
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2696 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2444

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ae0cc0e52155bb78e5b6eff254793140

    SHA1

    d9a5b2fc1a09d5c3c1358bd91b55f94b3848dded

    SHA256

    61968f4472f4601b1b632151b149d7b3be596863fa8d3095a5c367b4380f49da

    SHA512

    e5d85224299d7f946d001575d32274a6797f02449c6ed0dbab458cc7b049c10e99174d4e5839d06675cf377ab5f2e6832bd84ede07959ef3b6d0e3a4479d2f7b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    445a2518c42b9b9a6240bbfff72449d6

    SHA1

    6e429397e82039278bf4bdd3879f99d88dd9295f

    SHA256

    5546e62f68d2adb3b091506e27a150d9811e97b6204237e9e2ab00bfa2cc93d6

    SHA512

    66ec612ebfb97caed88a82a6f958de8fea264ba8d11814005aadf9700aa99bb6fda2b1c4ddd4f3167ca617fd3ffd8a8e2905e2d3d88b0dc851f22c8125470673

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d8e41db205e1e6ab7f7bc46d5fd3d442

    SHA1

    3eb4c0329169b2dbab20dec21f3da196f8125789

    SHA256

    946907908ebb1ff383aec1debc477308eac59e9c56fdaaa5be55f3aa30740c1b

    SHA512

    3b0e0d3908c26bef4a756fa38168873a3dd2e2ffb4811de30fc841f7ac6539057e9e04fda28b4c701526b87962ec1f32a23c26e06009775aa67466316d3bd7ed

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ad41b27cde9aa51ef75885a5204ca291

    SHA1

    7deddb1eb860760867fec2aca1417165c1d4ebcf

    SHA256

    c441af60c587a36793cad204748914406e870a401a59a244e214dc2907e074ac

    SHA512

    d9741c78507d3af027b3d8268e7ce0bb20b97b7cff5036a86278f8e3ad5aa6cd4744faa0741015855f15ddff5efec46b844c65098e0fe4138dd6bfbb8d277f14

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cef0e85a55eed6df05ee87439f03b651

    SHA1

    dd23e22d75af04fa3c2218377e9307e3716f3e0a

    SHA256

    dc38f83fa8e8ca2203052f516d579587b1f1117f27d2fbf652d01e847a330f32

    SHA512

    9c423c0c084bcd1113648e1756a02faaa8e331b1d075efda6fa311c35a7d48af317054ce4eaac7940fd22a0211a89c9f0eb7d713cc02eaf042fc445c02fd126f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    55a7231da3f6c968aaec204efe4bf6fe

    SHA1

    370be989b84904aad6161bd7a7b7f345f6853040

    SHA256

    43347fde15a57ee3328414dfec5028e21d812e2203b51263d1e32c073c4fca1f

    SHA512

    d78ccdc9738cef8fc9a46e1805184cfdc587dcb7eb8fd9f524378b2ec38376e1d13cc6a50490b1c4e8cefd457227efdeaf2cb708199969867365a4746c5208be

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    71fa2c04d229b1152eece7a73a865c29

    SHA1

    9006f3084ccd6dced7a52c0cd740f18ea8a021ef

    SHA256

    816b412ccedb701578d53d06a2e728a1c65baab4d4f2551ffdc5d66006af3253

    SHA512

    b66d8564f5f96d2a5df545a6db426ee72873b6a949c756c840253f76fea5b6a908066ea5210df9123e012cf926c860c2730f49e94166e4183880c376e7844c60

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    895c6a3ec5a0d640afea7b792acf3f3e

    SHA1

    e35ccd6190c92e79396cd7ec022a516454388466

    SHA256

    6c8db46830e1b90976640f32409fae0d0c98b4230738dd2d03c44ea2752f1994

    SHA512

    9a2eef694833b7872da7c6877959f32dcdf277eda7df342e47abcf16125ad573ef828808de927c9a513e524043b65acc6d460c72c9df844cafc992ce114c595f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    96b452b4e1a0fdcab5713dc71e8fcb84

    SHA1

    0b10c6fa7f6f67ead178624777aac6e0e474de00

    SHA256

    7ab7a2d57d14754e1cf1088ae1a94d9fcde96483dd1f013b254daa96b0b06370

    SHA512

    ac8e9fc83cb8709257e0e90c33e04b6b10cff7f722b952fd87c4a2821f71b4bb5282ff33ad165f556452292ee8814c18cdfbe730b4c3bc2454568841e2911413

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    34269376acb5fe982c4d9d2ba778cb49

    SHA1

    7c28e2fb2ff1433a7f814f09232d23620d482c3d

    SHA256

    710b74d5d83b92bc857c11480cc2b5d8213f14dfa2edca777ec4e84733a18ef5

    SHA512

    03f7cd80ca6da07dbe90fdd861ea56717d262ec60e743fbfc0dc41343e1b69778ca3b5927ae310b776b2963739267eee58ee3d452841a3feca763196ce4a8277

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7afa78d2ffb934cd9f21b04b00fd5187

    SHA1

    c800d2bb54bb04b0dd212b39a178cd51a2e69356

    SHA256

    55b2d307f0efccd6ca9cf0c42b2af5b51d91984fd72b3a46a9ae5395f6f65dcb

    SHA512

    de3e849290602baef7f85092344e8aeba74f2d0bf245f4cf64f35932b15c20d44bf2e8666f344d39b70c01434ccf514b4cbcd00c1d60b408e1e96dbc1a4b0397

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d077b2f61795fd28277af5efeb53e454

    SHA1

    a78c75438bc3010d4439cf216fd46514f7aac866

    SHA256

    ba0c63c4bcb20c18ec9b2595be3b1f8fd41b44cf7d2bc16d8141db9ba70ca409

    SHA512

    86ca40838b5d765be8cdc6bd8f660cc3bb38deb55993d7a8c366682bf83333adb3606f7f82bd8d21a73e1bfc982e7692a9c984a51447948dd741f00b7a9abd41

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    933206f46a381b235305c8348d6015b8

    SHA1

    9c0ffc8c614144d0b35f14c48af288fab9d173ec

    SHA256

    2bdbb3a60b2223f508cacf3f6497db55478dfe6955173cbb97e3dd7c30d2976d

    SHA512

    1c7344cb690be8aedde2d209d31431be1030a174b76b2667cd2ad5fe0d8415827520b3e156602d71ccdc0c65b35f81d045a2775f9bdced2f28c15a95d474c4d1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3383d04e6cc7ed1d383360a891dbfbbe

    SHA1

    797795d528485afdbadcfbb04d603b054b3560ae

    SHA256

    5fcbf5127d72f63e22c277a2a776984e5a523333c6b3db437a0cbfb1ddf7ca27

    SHA512

    762cdb20b10250abb5859336de6fae1f564366dd1e31e676e84887c8484804c9b25152644f7a512687c8fe61b168b2183298c2ac641acfd7886b136bfbc4b399

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2f3a6a8381a2d0bc2f97763d90cd40a7

    SHA1

    29a3531a7c31a941400ba38ce81f493736dde436

    SHA256

    b78c960bd3b2f0a80d4cf77bc6e861e9249497dfc7405df9705338e37ef4b976

    SHA512

    7b84bf3536fbd7660cc8490352ff470df8ab8a5d131c6161fc4a78902b64381379481ee96374e79e45f324a7ee001253698e8f3b3edc126637579866f87662c4

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e6797246046dea26f9bb5fade76399a7

    SHA1

    1861725f281e707c74fb02cd9a85ecb5e5fca28e

    SHA256

    0919bc082f0b86cd5ef7501fc394a0421eb461b9b0140dcf35a97f9639313e56

    SHA512

    97b1d4fb27fef4c2b29e233f58cbbe92d7bc34211eb3302385f739c7f5c50379ad34ee34bcdf85ab0df0e0bef9ae68cb807a65403e420db6239147ef8c6a4d1c

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    545583402cb26385451a31a86bb2c2e8

    SHA1

    cdd99559f35bda0b4e422d6cd409111b7f3fbe97

    SHA256

    add38f010ab122432e54ed49d10dba6d5a3261ef99a47f13ce0ec16af7d7c9cf

    SHA512

    d657a01bbbf26fa5222e446f3cdf6e2f3dac9f355794a7bc1a99e291abb07cc955d2015c6305c5795a16bc65dfb903360d16ac5afa66c6f748bb0ab0a23f7c00

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9782a66a8fcbbf76dfec4e319e41a2c2

    SHA1

    e83b3ffa4be4264c89e7ec88b891024d3754bc07

    SHA256

    facc5911e2e5f518f9b2890a0a82553037c15ae307e98a02d3dc4fed8038b719

    SHA512

    5704879cbb177fc9b22e52d8fd445acad309a7de6ccebe257b4664c0fa6ce75dc00e999b7fc0e7c286badac636e11db5e21f8bd09e312b6ae45b8872d9c38bac

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c29548f0869bc274433f27f9eaa8d780

    SHA1

    38ea6b6205fff6bc36893977b8e2d7e73b7259c3

    SHA256

    8ecd587f15e6acb8207d89de05da8bd99e79de550d329c31b2b301c1c0a37230

    SHA512

    e08b16df5fedbcf4be63606288908c223fc369bf078455e46f853d4acae226c0f3f3e6ee736cdfab6147762799e19a7903e4f0da92cffaaf941161e15ed54f65

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\CabD3D.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\TarE1E.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit
  • memory/2392-13-0x0000000000400000-0x00000000006A6000-memory.dmp
    Filesize

    2.6MB

    Download
  • memory/2392-21-0x0000000000400000-0x00000000006A6000-memory.dmp
    Filesize

    2.6MB

    Download
  • memory/2392-17-0x0000000000400000-0x00000000006A6000-memory.dmp
    Filesize

    2.6MB

    Download
  • memory/2392-11-0x0000000000400000-0x00000000006A6000-memory.dmp
    Filesize

    2.6MB

    Download
  • memory/2392-9-0x0000000000400000-0x00000000006A6000-memory.dmp
    Filesize

    2.6MB

    Download
  • memory/2392-10-0x0000000000400000-0x00000000006A6000-memory.dmp
    Filesize

    2.6MB

    Download
  • memory/2392-12-0x0000000000400000-0x00000000006A6000-memory.dmp
    Filesize

    2.6MB

    Download
  • memory/2392-14-0x00000000002A0000-0x00000000002A1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2512-8-0x0000000003830000-0x0000000003AD6000-memory.dmp
    Filesize

    2.6MB

    Download
  • memory/2512-2-0x0000000000400000-0x00000000006A6000-memory.dmp
    Filesize

    2.6MB

    Download
  • memory/2512-7-0x0000000000400000-0x00000000006A6000-memory.dmp
    Filesize

    2.6MB

    Download
  • memory/2512-5-0x0000000000220000-0x0000000000221000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2512-1-0x0000000000400000-0x00000000006A6000-memory.dmp
    Filesize

    2.6MB

    Download
  • memory/2512-0-0x0000000000400000-0x00000000006A6000-memory.dmp
    Filesize

    2.6MB

    Download
  • memory/2512-3-0x0000000000400000-0x00000000006A6000-memory.dmp
    Filesize

    2.6MB

    Download
  • memory/2512-4-0x0000000000400000-0x00000000006A6000-memory.dmp
    Filesize

    2.6MB

    Download