Overview

overview

8

Static

static

7

c91ad14140...23.exe

windows7-x64

8

c91ad14140...23.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    03/06/2024, 12:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c91ad1414073691bbc7da083090cf091ffe9bc91025a1be93480d48e32d83423.exe

  • Size

    1.3MB

  • MD5

    d4f7d928f7a5b1d36f89dded39d9c3e0

  • SHA1

    8bfaf10334949d19265584c6fc15867b694d0369

  • SHA256

    c91ad1414073691bbc7da083090cf091ffe9bc91025a1be93480d48e32d83423

  • SHA512

    e8cdb3313f4a4174d7e924b01ea3822a78f4a8c18d942850bee463c58cdf58d0703d5b80f3737b8df4bf37dee2dc184003810e7515a5e4fb0ea6e0b2d84189a2

  • SSDEEP

    24576:Qak/7Nk4RZ45LKZu0zoFmDcpii9iGn+66rLfJIgtEqPILWz8oDqE:Qak/GkZu+k0WdEacJRIo+E

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c91ad1414073691bbc7da083090cf091ffe9bc91025a1be93480d48e32d83423.exe
    "C:\Users\Admin\AppData\Local\Temp\c91ad1414073691bbc7da083090cf091ffe9bc91025a1be93480d48e32d83423.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2812
    • C:\Users\Admin\AppData\Local\Temp\c91ad1414073691bbc7da083090cf091ffe9bc91025a1be93480d48e32d83423.exe
      "C:\Users\Admin\AppData\Local\Temp\c91ad1414073691bbc7da083090cf091ffe9bc91025a1be93480d48e32d83423.exe" Master
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1216
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2096
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2096 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:812

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ad0ea8366989525456d392d2a847b6f2

    SHA1

    5734477eddd64336edcb4c46ec114ecf6a0b70d7

    SHA256

    2ef5d89a7dc7f74132a4ee1eb70b23800a059326b9d6fea49995e0a343b57b10

    SHA512

    326c77553b518020906fae5ecbba97cb6f755d20302e4154d61354961900b1c34463c7f4115b298283c7764840e07cda61d4a408eea2c8d1f02c1451551a2982

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    59959ce5729dd969e0b7e1272d62773c

    SHA1

    5d739d7c4be95452087d559be18eda568b7daf20

    SHA256

    09b227909e19dfa561346c53823626a07c0f1e39c0257b358ee081af1513016c

    SHA512

    c5107bb8dde42a593c394efeabd28bc658efc5393d1d293221edf4a8c83e3981c90109804045b7c68e9e0243bab55790eec491fa6e5b9312430c7b4dc094954d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f1d73d7888409b0dd60dd2fee7462304

    SHA1

    8de535738346265e62d22534fa632fef7b49d374

    SHA256

    1969406658723dc755f388df0ee6ac9716ca5df753d0eac3ee2fb3846e2a3c0c

    SHA512

    3a4d96d33248c098c99356aadf125e62c0794e72c2c21588ef792cc0711eacf8710208f103858fa6b01ef8b608f12065802ae11861f28202969a4cd4adabb716

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3f2cbe5fc3104cef6e1ebdc467617a6c

    SHA1

    f8d67e2d1272a1e2094aa93a695509f15a8ac1a2

    SHA256

    9e083731e0365319c95f75c28948c0c6997bb288c6d79318e48cb9291cc90359

    SHA512

    1f2774f3ae14898d46568274952717ebeb0ebf32289af95c144e7e509fd25e31801994bc170bc7b3525e9add596c5cd57da6f42a4c770e4f8907d4f1a990ecac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f5210193bb5028b76f3c8d365e21e16b

    SHA1

    b6cfa572529c82aa4c32f89f0cb25b864878fb14

    SHA256

    0a555a5d654ff0d83404e589edc66834eaf20661c6b052c3d01be5a40a271113

    SHA512

    be835543fcb642a55940d6806494a82db4c49d1d258f4844c59a4e726d5f4b674eef2cede72213a5d8c22c47392d9b6a30c3e00a1f4add31e66d9f1896e0cc46

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    24f1b3172d7ed23323333491dc08347d

    SHA1

    ebe4d4d3d4ac68b6ff980d8662237d528ecc7314

    SHA256

    aa5b4f193d4fb207e4c0039cccabf6aac3796d3c280ebb64104291d7e6a2b8eb

    SHA512

    4d572bbae850057040d7d97c6e95234b0438e0a014b7ed8837683e1c98453c6f700252225efd5d4f76bafc9e9e11d10ac062158cc89a8bac02be8541c257ca09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    15039ee621c52d911a0f3bf5990fa0c2

    SHA1

    bb0ce2ad545ffc00d08c0313aef5d6008e00dd75

    SHA256

    386ad96c7a07f17108e5faedc9f5223ffdfe125206e7461e70059b6ba1c888d0

    SHA512

    580963b70c96dfe05cba3c769f3fe598f81462b189c134c5f7d3c96a4ded7d67ed061a0b120527bf80f5bde893e478d517bafe46b3a3bfbf4273219b9ce2465e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b526dc752f24f526381bf65063b8fe5

    SHA1

    7b7e017bf1d0c073fbe49d15bec1fd950bf6c5ad

    SHA256

    c6da8d9c47c16ad6e7b2fa6569a4c35022538b04afa4d3785a12468a17beb759

    SHA512

    d989e57fe333c25f0bbf003245f49d7b2fc6382b2a31b5e55e11e9478682d47f56699e2cfac2698e4f80edb09e6bbaeaadf11a6f6598c3fab3095aa16e05a10c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eb71e3c2c678264ee85dba25e670194e

    SHA1

    706a1d4ed6578ad0638d1f6c6dc4637ac18ae996

    SHA256

    a94c52f756afb2f0458acae875c237a711baf97d654f2a0e5840f1db143152ac

    SHA512

    6b106c590b93edfd1c9b8fea7c280e3af8c5c3dffebb771466fbc782ed9fac26059370cf78d2ea9cb3743a4df6d71d0ac1b024598f2aa2816a22fdde396f174c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7af6cd345f8b700e711a1cea1b596e06

    SHA1

    d174426b21a6782ba3ae20613bd7090fee6f5367

    SHA256

    a6d564a0df91936f835fbb53a2ba3199fa8a0f4619ab4b11680d2962452587a2

    SHA512

    2e85692e57277bc7189154b727502ebc94dbdf52d03e9d2c0c01012fe177691ac2e55a62bc5bb79587c04c1390dd7fdf784a24b3da48cf682c695d06c51ee11a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fbf77d15ef53c5627b6b237d228783d9

    SHA1

    516090b3aa0166ad72fbf54b52ebb1d430dc7da8

    SHA256

    b4c14661f3ffed3f6fa9fd5504871ae8fdbab665b63095080dde2b36b1cd1e26

    SHA512

    bf73d6d5d929eddd5253fc5f27101f66271277b134bd2762712e41fea7d6bf521b39c8479b20a0696e32570722e04ac4482d82d6e199fe332a6744a998189cf9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c668a2d4ae438e64a03a85ff8b44f3c

    SHA1

    6dd86f7e2f8154f90ba37121f9e37d08d19003e1

    SHA256

    2d7e2e794ed6bf3410be76b2cf9fb102a7390abc4b35b0aa46aa0f5b931c19a0

    SHA512

    7ea7663df605c2b48ab1c4f9f4992fbc0e8512d350d50c4fbfa81e50f7fae5ff8f6d0787b0b5f618e387cc339b7192ae232d8f72cc6906ec9047107e375985f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bdcdba6942477f04f015f86534ef4771

    SHA1

    f1639d2672c057c20cfe1c8569b6e0b6739b94ee

    SHA256

    678bb54232594345ee0557bdf04dd359a645f4b3e1af267e1e0d40037ef7bc6c

    SHA512

    25568f2badb75cc261571ecd1e1c231047d4fe52985b13ae1fc32bac6165fcf2370925210e245d2b7cbc8ddb60148105c6ace828ca50795a6855015687068571

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d998a6592c7727d2239501f7769b0040

    SHA1

    24ca1db7d19410ed036f8cd968b2f06e47595458

    SHA256

    a7b7319da01dafc39cb5515816479925ed9177aecf7c17300977954b4875fb7b

    SHA512

    39bdcf9fe19a695c3a79e2a8121a35d3da52cc4afd07d8ab43fea8fd4231776f2c6aa8c2d8e5e8236402ee6abdc283040bd099eb2cfb5ac6a013541263f474b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9daf372c40d471151154cdda05db8816

    SHA1

    0c5d9772b191170ec7b03f0d1b2919c652789ad5

    SHA256

    1dc63eb7987f90ae09e56b8d22f7bd7be4b0be3f2e7dcf45a9f5474bffe3cfea

    SHA512

    8cc9f7a49acc9061d1ab449939d186af0acdf44a00d45569021e74bc533c3efb5a004c3ae9ab1dbba5026fdaaadf3070dc44c02d7021e58331c281e7bd118fda

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0fc71be2fec7b4c4f534b7f4c39c3cc6

    SHA1

    5ab01fb87986584c8e94b2edf22cf960a0b2de0d

    SHA256

    88b15a51b578469e318caf8abac6f81983be4c9b2b95d4dca3976e69a45e19b9

    SHA512

    43b0a8b09eb4526cd394cf1e8dc7cb450550d92a63c15d0e8965e7a0ed11cede9816265a05f383d93c093e2a78920d422a2c9232e3ecd01c5df2dc8cba13f253

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2159916b9e88815bb2fd7b995f1d0e1f

    SHA1

    bc9c94f9f4dd2db5491ea04eb19f0ea8ebdfe9e7

    SHA256

    bcdc39c323d5ae68ad24285e21eb318fde5d114299ed9b4f5380e051e4cc32fe

    SHA512

    7c9d15d8882c1bed82b2257ecc7cb953fcfbc33a7696da491974a224d5389613214675d7d07673e48ac9de30dc4553244436e0b02b8d981c5ac98af7c9737448

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    67f5b1609fdebff11eb66de04f8d1713

    SHA1

    4d7d476b6fd5b623ca8f0ec50c6268c76cc131bf

    SHA256

    06dd8b94108510f64c5e0e7a9b25c61eda96912835175e57b6859516bfd8e35b

    SHA512

    90c7d091228d87cba36b1bae51cb6311a419e5df3aadb0823e03f292530b4ca3af6a015f6c868922f9c017042a32659670215fd44bffe1ff476bd340083e7511

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff761b4ce862c5f0e12553e188e239b3

    SHA1

    e6ccaaa6da02a9439b02d4ba55ff49b3ed3e4029

    SHA256

    d6e5344ef653d0a74ae1dd6af050c7b90a385bb6c9897a6efe3958212748101f

    SHA512

    5982b6aa57d7a3da9cf604619b050ed1bdef5b86c6712e79cb243f89cd0a29bebc4864932723a75747784664fb0fc42f3f0ee705324b4bfb8323477230e828f9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabCBC8.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarCD29.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1216-18-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1216-17-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1216-11-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1216-8-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1216-10-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1216-13-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1216-16-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1216-12-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1216-22-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1216-9-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2812-4-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2812-5-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2812-0-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2812-7-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2812-3-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2812-1-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2812-2-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download