Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/05/2024, 14:59

General

  • Target
    050a19f5f1c10b53f08e4422b0f6786f4aa8033affd07b76758152665e101246.exe
  • Size
    2.6MB
  • MD5
    c482c515096bffdba129adc8d4ab7746
  • SHA1
    61cda988761d8acee3228c80505eec7b4f135a4d
  • SHA256
    050a19f5f1c10b53f08e4422b0f6786f4aa8033affd07b76758152665e101246
  • SHA512
    6c408c994a52cea67a38ba70b88267b36bd01b24df956431b222e191eae566ae8c79c4504967e79ab442a28aaaeb8aae42a876ca2f11f60596d23221f4d22aab
  • SSDEEP
    24576:9A8vyrepIND/0bfSPdaYQi5YYR+h+8fEvdDrGnrdEROGHOhXBo7FC/hRJHOh:9A81IJP/mEvdDqnroHO9HO

Malware Config

Signatures

  • Drops file in Drivers directory (1 IoCs)
  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks installed software on the system (1 TTPs)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates connected drives (3 TTPs, 23 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings (1 TTPs, 34 IoCs)
  • Suspicious use of AdjustPrivilegeToken (4 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\050a19f5f1c10b53f08e4422b0f6786f4aa8033affd07b76758152665e101246.exe (depth 1, PID 1100)
    "C:\Users\Admin\AppData\Local\Temp\050a19f5f1c10b53f08e4422b0f6786f4aa8033affd07b76758152665e101246.exe"
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\050a19f5f1c10b53f08e4422b0f6786f4aa8033affd07b76758152665e101246.exe (depth 2, PID 2176)
      "C:\Users\Admin\AppData\Local\Temp\050a19f5f1c10b53f08e4422b0f6786f4aa8033affd07b76758152665e101246.exe" Master
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      • C:\Program Files\Internet Explorer\iexplore.exe (depth 3, PID 2396)
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (depth 4, PID 2764)
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2396 CREDAT:275457 /prefetch:2
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize: 68KB
          MD5: 29f65ba8e88c063813cc50a4ea544e93
          SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
          SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
          SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 344B
          MD5: e45c2114c269e4dc03364d3dc0ce5aa2
          SHA1: ff7cea894747148699c044438778fad9b98b7fed
          SHA256: a9f3fdabf9326315169111e65789d7b49f3109ab4304f0aff688383929988b04
          SHA512: d77bcd5ef72eba141972e761310cef50e293b23d52f6fa2c9bec77f8afaffcc98e9ed6449e6126df08f186d56f4fda584b360eb208218b684ac99c577dda708b

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 344B
          MD5: 0ff012caf65b99399ba1d4a5f0a20d7a
          SHA1: 1fbaff5ddfc3f1f0591de0f7476983a32f0acf5a
          SHA256: 4386e0a67577e7523ac2754d0739e6a522d7cfb7445d0d0c592d0960e374300a
          SHA512: f9e40870bfa5fccc30c19aeb3746be320fd0fa244b0b79a3c743d6ee6b1b6258c288d4a463e41ad2898d3bc06f583e2811f0bee7024a38842d20598d9fdecc5b

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 344B
          MD5: 0566ca9838a102b0366e3b33ac89f9fa
          SHA1: a12cfc81e752e9a6b18280adae5d1480ceeadd89
          SHA256: 2a91f44deb3e0e2cb20d11e7c0fcdcd745f35d1f171f1cd3222faa36b8563c4a
          SHA512: 4108668e9ea0da61daf0fba93a413dc6f93edfaba71cf997d2811d415db1f0134dbf21cec53aa90d9f31c5980880d0eb2435edca493c8e3b0f4a6df4e8263ff8

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 344B
          MD5: f6a27d0fee518eb823e6f6354b31150b
          SHA1: 518634e7fb02222dc0f09dccc6aacd6d675cbe58
          SHA256: 0c138b79d4ffc481fdbbc4ec56cb8715ad5f36e40280e6f7dfb1762d6384074e
          SHA512: d638fc0d06ec361cf59e8efbf6825b3a5dda05eaf2449d4bfa93c6d53e8d6d685f1caff1231026082b31fe390f355eb726824b3bbd5baae06760fb5ad5c21305

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 344B
          MD5: 53b0387ef5df23f4d0c1e3f79cbe46e6
          SHA1: 83ef31b1a68e9ea66056b35a07d9a4edf68ac6d2
          SHA256: cfc5ab3ab216025e21bf9f97c7bec642a14aa7b821e0405eb6d47ed1a9b0c6cf
          SHA512: c07f5a34660ebb7dfc1cac47b7afc25c1011cc908be6374785ee4ba623399dc5f20641102d52a7bc7ff2b40debac8d795061183cda1a539156a3e8e277eb6e97

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 344B
          MD5: c4f572da275fa73f5685d3f99ff56bea
          SHA1: 5a0d7fb7c9167911740881ae560d7424fe1e0af7
          SHA256: 6b1c5c9df9124b62813762de3219979b0184602c98f9c016cebfd1bdd4ade341
          SHA512: b517b2adc9ab8f267b0493f19c972cdcbe802b80cf6ccc76972baff911028ea8fca8d48ca54f6f46dd49dfb1d7ce0be1a97db002dd18a3ab5fef78fc5a359214

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 344B
          MD5: 74acd5ad1f35332f979fd9aae8e03230
          SHA1: 4ff25e43d5d5a0c9f2c1b056d234cb43a776b8d8
          SHA256: 5c31b798fa4bcd44f213d5b32187c98c917ed6747282887e02d596c04842360c
          SHA512: a8c2396953bde23d5ab9de2186376c63cf717d7201e8567bf13d8ed80c077091aa2ad9eb8260f3d09d0cb3fb082cd65f3e6537d450c63e471575f2f3ff402e70

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 344B
          MD5: a1d18b139cd0ec966aeb9d4c29471931
          SHA1: ba88eed7f9c28f2e5472ccea92ee7b5a52b3aea2
          SHA256: a03784f6837b871752f5535838576b736ad7257e57dffadcc94333afb98cb1d2
          SHA512: 206f8690f1878d1f74ac543e1816b2371aab97492b1c061f7c60da4aa56b86b48ddbc1583d5f9a4a14543708e8b82daebb23fc89351b68a5b2d84ea9e657b262

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 344B
          MD5: 2bfca42e97ed847f814cfe434067327e
          SHA1: 131145d71036789e5a9b4fa381076f66fddb22a6
          SHA256: eabea7f2efec3f222fd541b6afece96769f26fb4fe3f334c403140d3d44b4149
          SHA512: 0375a1467cee0c836dc0e927a242bb0887be808fc2e1c850daa2beb88f7e0c2687dd300d60cef007ec3617c5ecde3307b8aae2b1225f1f381acbeb3813acab41

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 344B
          MD5: 96e5dcd82e8d329b2158a69647acf839
          SHA1: 6282454a73ff77168a84802cd2edff521738797d
          SHA256: afe042e25e4169998d5c38beb75a608c32d4bf3c090c88a353c058ab874851a4
          SHA512: e4e3395b05741d6d418cfb770ea947956330ac2d0394b2eb6f590e0564f607467274b08b663417ad098dbecd35852ea5786ae83d405974da1a3d66d16b13e5a7

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 344B
          MD5: 8d7ecd49c88cd1a88459b6b37d159a17
          SHA1: 91c960218785814368f278993750370709867c57
          SHA256: eb6c6786631ef61a8fcda9b8e7997b0a46d03c4ee226015580c1c572d64e5764
          SHA512: e988dbfc23b6e2111d077c9c75fcdf8fa8ca01b2d09b1d2ddab799efde3473266eebd4bffbef0881ef06583545a719a3b2866a4c495b0368718eaad0fc7df397

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 344B
          MD5: 24376eda6feb1a8c83c4109efefb552f
          SHA1: add794651a20e8f012cc96db1c3ee2efd730faa5
          SHA256: a16d25d5392a78820a40743e9e3515c5d2b9beb51dba4e11912521cca5fd03a5
          SHA512: 139cb80558399c301104f993dcb26866f43fb2863c6436a9190b08d67fa6d9ea9c0ff5db4721bd82a50edb061018c68aeead1e0ae3286f4a8b48e195ad40fed0

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 344B
          MD5: 5459da6fd15fada1559fc5e176be6cd9
          SHA1: 277f2c8726f1823eec1bfdb6068da3171ebd4cb3
          SHA256: b59e9c4412d03845a03747350298d52360b029478e8d0131be6acd0c8a7a1aa2
          SHA512: 44c8113f68de8489ae3a972937f6d6bdc9e50842828f2ac6fe6048c92ebf8e6391ea895502e989211e825ecac5280f1dc87bd277c2060f193968a57661834ee3

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 344B
          MD5: add71ed040b64a58345cb576412d90f4
          SHA1: 22524ec11532bb6d67535b6cb420de5d899fce99
          SHA256: 03b005bc65286813c135ec7cd1733f6612438f18f7b938bc5aaa0e92527bace4
          SHA512: 65811a7ec538c8d826ba67c1757c5b6fa94e916af18711e7a4d57d49500700ac463e6374f10ecb9d696454ccc76bc63571cf4f61955beaf1c4a696a16dc98b53

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 344B
          MD5: 8bbc0dae6eb03e3e3c697856597a72dc
          SHA1: c8d18adc71c20e8ba3c7b79d3a975ea407216ff7
          SHA256: 0dcef4d7b4e84e4541ac42d1de98b6f47fd107a505259ef15a3dc46d58dd62a1
          SHA512: 58fc31592d1debc71c1b2c171324783eb87c1c23036301dca6f009ef3149086bccea589822796284d87c29f18fa2a86b34bbb32bcdd285998d440d2b546ac7f1

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 344B
          MD5: 01be9c8e6c5b408dda8bab828309bab0
          SHA1: 38a29e00b3d5193e558a639be54fe4a653acedc6
          SHA256: 5fc852d3fb4ebaf0162e3e8b4df93534a3b0ce89d2d3a16ab3b0e13e65338929
          SHA512: f00f48821467aa39596c6a7ff48b9d27d70fb5364cfe10ac3036fa8d255b037aaf7b80ee46d91ce5a3c3c9a7c1116226b25898b73449606d643e38c4847c7612

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 344B
          MD5: 416db7a09f3a8b2930821bbc80767135
          SHA1: d5d20b08b25d83f9b96b1b998ee92fd0ac9181ed
          SHA256: a59fdb527d104868cc358b54f85961ce81195cf860bfd1f8d4cd373b1be96c63
          SHA512: b99ff65d33b3bd6f70592540001e23de4891b5decf0f84acba1b4dd8a89407a17d26dfe3f2e391cb616c3ac7ea1cfd2ca573fe86f25ee3e9de0d3f0df9cb4df6

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 344B
          MD5: 047061d29705ba1d427b099fe13009b3
          SHA1: 12752daca9a3ee94864cda0f5b77f4447a1eeec6
          SHA256: a991865e44d75f67a1f0bd35b1c3aaa777e46c1e0ff739128912b931ef02c580
          SHA512: 31d21e7e8483868d01351a281824b878172f3591e88884ff75c82cac85e2e3c7302864e2fe435a2e2062688bcd0c841fa8aa8e2fb5b7064d7f41248b27551d8c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 344B
          MD5: 2dcc441c510bd37364d71df2e709dce7
          SHA1: d6756e02e07ce17865a87f31b9dc80c3352ea45f
          SHA256: 1f888b456c411e36559d762d49ca0441185deb34acbb46d234df30452e9f15b9
          SHA512: ce81dd66e0e5da3c30f1747d53e319ab6a391753f75533cd5c98b8a2462c108af65ee5c4c2f090330e1c4106b251073b9a30daf01ed7ce58eaa44e8eb589aef7

        • C:\Users\Admin\AppData\Local\Temp\CabCD8F.tmp
          Filesize: 65KB
          MD5: ac05d27423a85adc1622c714f2cb6184
          SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
          SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
          SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

        • C:\Users\Admin\AppData\Local\Temp\TarCE61.tmp
          Filesize: 177KB
          MD5: 435a9ac180383f9fa094131b173a2f7b
          SHA1: 76944ea657a9db94f9a4bef38f88c46ed4166983
          SHA256: 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
          SHA512: 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

        • memory/1100-2-0x0000000000400000-0x000000000069F000-memory.dmp
          Filesize: 2.6MB

        • memory/1100-0-0x0000000000310000-0x0000000000311000-memory.dmp
          Filesize: 4KB

        • memory/2176-1-0x0000000000220000-0x0000000000221000-memory.dmp
          Filesize: 4KB

        • memory/2176-5-0x0000000000400000-0x000000000069F000-memory.dmp
          Filesize: 2.6MB

        • memory/2176-6-0x0000000000400000-0x000000000069F000-memory.dmp
          Filesize: 2.6MB

        • memory/2176-7-0x0000000000400000-0x000000000069F000-memory.dmp
          Filesize: 2.6MB

        • memory/2176-10-0x0000000000400000-0x000000000069F000-memory.dmp
          Filesize: 2.6MB