Overview

overview

8

Static

static

7

c91ad14140...23.exe

windows7-x64

8

c91ad14140...23.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    03/06/2024, 12:44 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c91ad1414073691bbc7da083090cf091ffe9bc91025a1be93480d48e32d83423.exe

  • Size

    1.3MB

  • MD5

    d4f7d928f7a5b1d36f89dded39d9c3e0

  • SHA1

    8bfaf10334949d19265584c6fc15867b694d0369

  • SHA256

    c91ad1414073691bbc7da083090cf091ffe9bc91025a1be93480d48e32d83423

  • SHA512

    e8cdb3313f4a4174d7e924b01ea3822a78f4a8c18d942850bee463c58cdf58d0703d5b80f3737b8df4bf37dee2dc184003810e7515a5e4fb0ea6e0b2d84189a2

  • SSDEEP

    24576:Qak/7Nk4RZ45LKZu0zoFmDcpii9iGn+66rLfJIgtEqPILWz8oDqE:Qak/GkZu+k0WdEacJRIo+E

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c91ad1414073691bbc7da083090cf091ffe9bc91025a1be93480d48e32d83423.exe
    "C:\Users\Admin\AppData\Local\Temp\c91ad1414073691bbc7da083090cf091ffe9bc91025a1be93480d48e32d83423.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2812
    • C:\Users\Admin\AppData\Local\Temp\c91ad1414073691bbc7da083090cf091ffe9bc91025a1be93480d48e32d83423.exe
      "C:\Users\Admin\AppData\Local\Temp\c91ad1414073691bbc7da083090cf091ffe9bc91025a1be93480d48e32d83423.exe" Master
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1216
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2096
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2096 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:812

Network

  • flag-us
    DNS
    info.178stu.com
    c91ad1414073691bbc7da083090cf091ffe9bc91025a1be93480d48e32d83423.exe
    Remote address:
    8.8.8.8:53
    Request
    info.178stu.com
    IN A
    Response
    info.178stu.com
    IN A
    103.133.93.52
  • flag-us
    DNS
    www.178stu.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.178stu.com
    IN A
    Response
    www.178stu.com
    IN A
    103.133.93.52
  • flag-us
    DNS
    www.178stu.com
    IEXPLORE.EXE
    Remote address:
    8.8.8.8:53
    Request
    www.178stu.com
    IN A
    Response
    www.178stu.com
    IN A
    103.133.93.52
  • 103.133.93.52:80
    info.178stu.com
    c91ad1414073691bbc7da083090cf091ffe9bc91025a1be93480d48e32d83423.exe
    152 B
     3
  • 103.133.93.52:80
    www.178stu.com
    c91ad1414073691bbc7da083090cf091ffe9bc91025a1be93480d48e32d83423.exe
    152 B
     3
  • 103.133.93.52:80
    www.178stu.com
    IEXPLORE.EXE
    152 B
     3
  • 103.133.93.52:80
    www.178stu.com
    IEXPLORE.EXE
    152 B
     3
  • 103.133.93.52:80
    www.178stu.com
    IEXPLORE.EXE
    152 B
     3
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    753 B
     7.7kB
     9
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    753 B
     7.7kB
     9
    13
  • 204.79.197.200:443
    ieonline.microsoft.com
    tls
    iexplore.exe
    779 B
     7.6kB
     9
    12
  • 8.8.8.8:53
    info.178stu.com
    dns
    c91ad1414073691bbc7da083090cf091ffe9bc91025a1be93480d48e32d83423.exe
    61 B
     77 B
     1
    1

    DNS Request

    info.178stu.com

    DNS Response

    103.133.93.52

  • 8.8.8.8:53
    www.178stu.com
    dns
    IEXPLORE.EXE
    60 B
     76 B
     1
    1

    DNS Request

    www.178stu.com

    DNS Response

    103.133.93.52

  • 8.8.8.8:53
    www.178stu.com
    dns
    IEXPLORE.EXE
    60 B
     76 B
     1
    1

    DNS Request

    www.178stu.com

    DNS Response

    103.133.93.52

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ad0ea8366989525456d392d2a847b6f2

    SHA1

    5734477eddd64336edcb4c46ec114ecf6a0b70d7

    SHA256

    2ef5d89a7dc7f74132a4ee1eb70b23800a059326b9d6fea49995e0a343b57b10

    SHA512

    326c77553b518020906fae5ecbba97cb6f755d20302e4154d61354961900b1c34463c7f4115b298283c7764840e07cda61d4a408eea2c8d1f02c1451551a2982

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    59959ce5729dd969e0b7e1272d62773c

    SHA1

    5d739d7c4be95452087d559be18eda568b7daf20

    SHA256

    09b227909e19dfa561346c53823626a07c0f1e39c0257b358ee081af1513016c

    SHA512

    c5107bb8dde42a593c394efeabd28bc658efc5393d1d293221edf4a8c83e3981c90109804045b7c68e9e0243bab55790eec491fa6e5b9312430c7b4dc094954d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f1d73d7888409b0dd60dd2fee7462304

    SHA1

    8de535738346265e62d22534fa632fef7b49d374

    SHA256

    1969406658723dc755f388df0ee6ac9716ca5df753d0eac3ee2fb3846e2a3c0c

    SHA512

    3a4d96d33248c098c99356aadf125e62c0794e72c2c21588ef792cc0711eacf8710208f103858fa6b01ef8b608f12065802ae11861f28202969a4cd4adabb716

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3f2cbe5fc3104cef6e1ebdc467617a6c

    SHA1

    f8d67e2d1272a1e2094aa93a695509f15a8ac1a2

    SHA256

    9e083731e0365319c95f75c28948c0c6997bb288c6d79318e48cb9291cc90359

    SHA512

    1f2774f3ae14898d46568274952717ebeb0ebf32289af95c144e7e509fd25e31801994bc170bc7b3525e9add596c5cd57da6f42a4c770e4f8907d4f1a990ecac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f5210193bb5028b76f3c8d365e21e16b

    SHA1

    b6cfa572529c82aa4c32f89f0cb25b864878fb14

    SHA256

    0a555a5d654ff0d83404e589edc66834eaf20661c6b052c3d01be5a40a271113

    SHA512

    be835543fcb642a55940d6806494a82db4c49d1d258f4844c59a4e726d5f4b674eef2cede72213a5d8c22c47392d9b6a30c3e00a1f4add31e66d9f1896e0cc46

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    24f1b3172d7ed23323333491dc08347d

    SHA1

    ebe4d4d3d4ac68b6ff980d8662237d528ecc7314

    SHA256

    aa5b4f193d4fb207e4c0039cccabf6aac3796d3c280ebb64104291d7e6a2b8eb

    SHA512

    4d572bbae850057040d7d97c6e95234b0438e0a014b7ed8837683e1c98453c6f700252225efd5d4f76bafc9e9e11d10ac062158cc89a8bac02be8541c257ca09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    15039ee621c52d911a0f3bf5990fa0c2

    SHA1

    bb0ce2ad545ffc00d08c0313aef5d6008e00dd75

    SHA256

    386ad96c7a07f17108e5faedc9f5223ffdfe125206e7461e70059b6ba1c888d0

    SHA512

    580963b70c96dfe05cba3c769f3fe598f81462b189c134c5f7d3c96a4ded7d67ed061a0b120527bf80f5bde893e478d517bafe46b3a3bfbf4273219b9ce2465e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b526dc752f24f526381bf65063b8fe5

    SHA1

    7b7e017bf1d0c073fbe49d15bec1fd950bf6c5ad

    SHA256

    c6da8d9c47c16ad6e7b2fa6569a4c35022538b04afa4d3785a12468a17beb759

    SHA512

    d989e57fe333c25f0bbf003245f49d7b2fc6382b2a31b5e55e11e9478682d47f56699e2cfac2698e4f80edb09e6bbaeaadf11a6f6598c3fab3095aa16e05a10c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eb71e3c2c678264ee85dba25e670194e

    SHA1

    706a1d4ed6578ad0638d1f6c6dc4637ac18ae996

    SHA256

    a94c52f756afb2f0458acae875c237a711baf97d654f2a0e5840f1db143152ac

    SHA512

    6b106c590b93edfd1c9b8fea7c280e3af8c5c3dffebb771466fbc782ed9fac26059370cf78d2ea9cb3743a4df6d71d0ac1b024598f2aa2816a22fdde396f174c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7af6cd345f8b700e711a1cea1b596e06

    SHA1

    d174426b21a6782ba3ae20613bd7090fee6f5367

    SHA256

    a6d564a0df91936f835fbb53a2ba3199fa8a0f4619ab4b11680d2962452587a2

    SHA512

    2e85692e57277bc7189154b727502ebc94dbdf52d03e9d2c0c01012fe177691ac2e55a62bc5bb79587c04c1390dd7fdf784a24b3da48cf682c695d06c51ee11a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fbf77d15ef53c5627b6b237d228783d9

    SHA1

    516090b3aa0166ad72fbf54b52ebb1d430dc7da8

    SHA256

    b4c14661f3ffed3f6fa9fd5504871ae8fdbab665b63095080dde2b36b1cd1e26

    SHA512

    bf73d6d5d929eddd5253fc5f27101f66271277b134bd2762712e41fea7d6bf521b39c8479b20a0696e32570722e04ac4482d82d6e199fe332a6744a998189cf9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c668a2d4ae438e64a03a85ff8b44f3c

    SHA1

    6dd86f7e2f8154f90ba37121f9e37d08d19003e1

    SHA256

    2d7e2e794ed6bf3410be76b2cf9fb102a7390abc4b35b0aa46aa0f5b931c19a0

    SHA512

    7ea7663df605c2b48ab1c4f9f4992fbc0e8512d350d50c4fbfa81e50f7fae5ff8f6d0787b0b5f618e387cc339b7192ae232d8f72cc6906ec9047107e375985f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bdcdba6942477f04f015f86534ef4771

    SHA1

    f1639d2672c057c20cfe1c8569b6e0b6739b94ee

    SHA256

    678bb54232594345ee0557bdf04dd359a645f4b3e1af267e1e0d40037ef7bc6c

    SHA512

    25568f2badb75cc261571ecd1e1c231047d4fe52985b13ae1fc32bac6165fcf2370925210e245d2b7cbc8ddb60148105c6ace828ca50795a6855015687068571

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d998a6592c7727d2239501f7769b0040

    SHA1

    24ca1db7d19410ed036f8cd968b2f06e47595458

    SHA256

    a7b7319da01dafc39cb5515816479925ed9177aecf7c17300977954b4875fb7b

    SHA512

    39bdcf9fe19a695c3a79e2a8121a35d3da52cc4afd07d8ab43fea8fd4231776f2c6aa8c2d8e5e8236402ee6abdc283040bd099eb2cfb5ac6a013541263f474b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9daf372c40d471151154cdda05db8816

    SHA1

    0c5d9772b191170ec7b03f0d1b2919c652789ad5

    SHA256

    1dc63eb7987f90ae09e56b8d22f7bd7be4b0be3f2e7dcf45a9f5474bffe3cfea

    SHA512

    8cc9f7a49acc9061d1ab449939d186af0acdf44a00d45569021e74bc533c3efb5a004c3ae9ab1dbba5026fdaaadf3070dc44c02d7021e58331c281e7bd118fda

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0fc71be2fec7b4c4f534b7f4c39c3cc6

    SHA1

    5ab01fb87986584c8e94b2edf22cf960a0b2de0d

    SHA256

    88b15a51b578469e318caf8abac6f81983be4c9b2b95d4dca3976e69a45e19b9

    SHA512

    43b0a8b09eb4526cd394cf1e8dc7cb450550d92a63c15d0e8965e7a0ed11cede9816265a05f383d93c093e2a78920d422a2c9232e3ecd01c5df2dc8cba13f253

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2159916b9e88815bb2fd7b995f1d0e1f

    SHA1

    bc9c94f9f4dd2db5491ea04eb19f0ea8ebdfe9e7

    SHA256

    bcdc39c323d5ae68ad24285e21eb318fde5d114299ed9b4f5380e051e4cc32fe

    SHA512

    7c9d15d8882c1bed82b2257ecc7cb953fcfbc33a7696da491974a224d5389613214675d7d07673e48ac9de30dc4553244436e0b02b8d981c5ac98af7c9737448

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    67f5b1609fdebff11eb66de04f8d1713

    SHA1

    4d7d476b6fd5b623ca8f0ec50c6268c76cc131bf

    SHA256

    06dd8b94108510f64c5e0e7a9b25c61eda96912835175e57b6859516bfd8e35b

    SHA512

    90c7d091228d87cba36b1bae51cb6311a419e5df3aadb0823e03f292530b4ca3af6a015f6c868922f9c017042a32659670215fd44bffe1ff476bd340083e7511

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff761b4ce862c5f0e12553e188e239b3

    SHA1

    e6ccaaa6da02a9439b02d4ba55ff49b3ed3e4029

    SHA256

    d6e5344ef653d0a74ae1dd6af050c7b90a385bb6c9897a6efe3958212748101f

    SHA512

    5982b6aa57d7a3da9cf604619b050ed1bdef5b86c6712e79cb243f89cd0a29bebc4864932723a75747784664fb0fc42f3f0ee705324b4bfb8323477230e828f9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabCBC8.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarCD29.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1216-18-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1216-17-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1216-11-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1216-8-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1216-10-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1216-13-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1216-16-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1216-12-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1216-22-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1216-9-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2812-4-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2812-5-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2812-0-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2812-7-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2812-3-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2812-1-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2812-2-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.