Analysis

max time kernel: 150s
max time network: 117s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 04-06-2024 00:58

Static task: static1
Behavioral task: behavioral1
Sample: a1e01349b3bdae052719f4af25038dc1b6a1fb20f701c142e4153c8b9261ed56.exe
Resource: win7-20240215-en
General

Target: a1e01349b3bdae052719f4af25038dc1b6a1fb20f701c142e4153c8b9261ed56.exe
Size: 628KB
MD5: 47d3b6d3810d4b1b5343d6d34abe0ac9
SHA1: cbb7516c0e7570f5d31355d68728a6e1294e3532
SHA256: a1e01349b3bdae052719f4af25038dc1b6a1fb20f701c142e4153c8b9261ed56
SHA512: 97eeec2fbd9d22d69b33ddbc64e14e39d7fd7807abecd0edc99c09d51bdef89ff62b2de7f67d1158915327e2bf4dd7801c8a154fb266d792f6cb59c32166026b
SSDEEP: 12288:F1Lh3tGbPGaI3h8BAhnz3MjnGQMX0Ms0e2QHSYW2PxOY7nD+J2x1DHBi:fGrnAdz3Mjn1uiSJ2PxOY7D+Ax1k
Malware Config
Signatures
Loads dropped DLL (1 IoC)
Processes:
pid: 1512, process: a1e01349b3bdae052719f4af25038dc1b6a1fb20f701c142e4153c8b9261ed56.exe
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.
Enumerates connected drives (3 TTPs, 23 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
description: File opened (read-only)
process: a1e01349b3bdae052719f4af25038dc1b6a1fb20f701c142e4153c8b9261ed56.exe
ioc (23 drive roots, in the order recorded): \??\B:, \??\E:, \??\H:, \??\J:, \??\K:, \??\L:, \??\R:, \??\X:, \??\A:, \??\T:, \??\V:, \??\G:, \??\S:, \??\W:, \??\I:, \??\M:, \??\N:, \??\O:, \??\P:, \??\Q:, \??\U:, \??\Y:, \??\Z:
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 197KB
MD5: 1bc225e0c1c2f54cc877b654ccf04684
SHA1: 66b37d20f580e14efa3312821aa1b44eccd0f1fe
SHA256: 19486800845b74be3487f1319d6f249ce85e8b47df586dd8e9b9cbb46875ae93
SHA512: 9e4604f5cb06c498b53ac91eb8b37e923dc5d6629984b77ecbbc149abac5c94352cd8ab64488a3516083a39988282f0fb5b7fc2aa5e81426685a5a039e96f283