Analysis

  • max time kernel
    150s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-06-2024 00:58

General

  • Target

    a1e01349b3bdae052719f4af25038dc1b6a1fb20f701c142e4153c8b9261ed56.exe

  • Size

    628KB

  • MD5

    47d3b6d3810d4b1b5343d6d34abe0ac9

  • SHA1

    cbb7516c0e7570f5d31355d68728a6e1294e3532

  • SHA256

    a1e01349b3bdae052719f4af25038dc1b6a1fb20f701c142e4153c8b9261ed56

  • SHA512

    97eeec2fbd9d22d69b33ddbc64e14e39d7fd7807abecd0edc99c09d51bdef89ff62b2de7f67d1158915327e2bf4dd7801c8a154fb266d792f6cb59c32166026b

  • SSDEEP

    12288:F1Lh3tGbPGaI3h8BAhnz3MjnGQMX0Ms0e2QHSYW2PxOY7nD+J2x1DHBi:fGrnAdz3Mjn1uiSJ2PxOY7D+Ax1k

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

Processes

  • C:\Users\Admin\AppData\Local\Temp\a1e01349b3bdae052719f4af25038dc1b6a1fb20f701c142e4153c8b9261ed56.exe
    "C:\Users\Admin\AppData\Local\Temp\a1e01349b3bdae052719f4af25038dc1b6a1fb20f701c142e4153c8b9261ed56.exe"
    • Loads dropped DLL
    • Enumerates connected drives
    PID:1512

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\pdl11CC.tmp

    Filesize

    197KB

    MD5

    1bc225e0c1c2f54cc877b654ccf04684

    SHA1

    66b37d20f580e14efa3312821aa1b44eccd0f1fe

    SHA256

    19486800845b74be3487f1319d6f249ce85e8b47df586dd8e9b9cbb46875ae93

    SHA512

    9e4604f5cb06c498b53ac91eb8b37e923dc5d6629984b77ecbbc149abac5c94352cd8ab64488a3516083a39988282f0fb5b7fc2aa5e81426685a5a039e96f283

  • memory/1512-4-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

  • memory/1512-3-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

  • memory/1512-6-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

  • memory/1512-8-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

  • memory/1512-10-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

  • memory/1512-12-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

  • memory/1512-14-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

  • memory/1512-16-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

  • memory/1512-18-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

  • memory/1512-20-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

  • memory/1512-22-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

  • memory/1512-24-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

  • memory/1512-26-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

  • memory/1512-30-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB