Overview

overview

7

Static

static

3

f6ccd68ff4...1f.exe

windows7-x64

7

f6ccd68ff4...1f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    09/06/2024, 00:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f6ccd68ff44990fa270e8b9267fdbc1504fc62c5462360675a8b6b96607c4f1f.exe

  • Size

    17KB

  • MD5

    04dfa72f342558587dcb6fd74d28e5d4

  • SHA1

    d9f7c932b1497618c54edfc24ef95312a2584fd8

  • SHA256

    f6ccd68ff44990fa270e8b9267fdbc1504fc62c5462360675a8b6b96607c4f1f

  • SHA512

    ed88d41c52ca91ff069604320c346a020eccc56632d89f554845d4bf5af43d48327fd16268106c194660333f10cf48f3f8f4c4d3c59a400c610eb415f182531d

  • SSDEEP

    192:nx+uPBkqyIfgm64++u6gzYMzZ0dqsEq65+O0I5L0pJ/WDvd0EtITbKH62RTs2/fe:x+uPfoQ+DfYMzKdPEsOuubuEG3KHM2/m

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f6ccd68ff44990fa270e8b9267fdbc1504fc62c5462360675a8b6b96607c4f1f.exe
    "C:\Users\Admin\AppData\Local\Temp\f6ccd68ff44990fa270e8b9267fdbc1504fc62c5462360675a8b6b96607c4f1f.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2136
    • C:\Windows\svhost.exe
      "C:\Windows\svhost.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2068

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\rcg6yqp7uAk16ru.exe
    Filesize

    17KB

    MD5

    f5a9e987580dac6ac5a31ed28ec90cbc

    SHA1

    af487bc1bf6876cb9cd5433435904a14bd5e0241

    SHA256

    75fcb6473f1853f92834cc9a1531a7d0bb22a9bfef71989eaaf55505d23701ac

    SHA512

    2748f0501f9b16bef1d5afbbf52176aae800e349ede31da962ce655bb438baa7ca119af9361797e7215a31e341e2570af52330ba2129d1c727310c7800c6305e

    Download Submit

  • C:\Windows\svhost.exe
    Filesize

    16KB

    MD5

    76fd02b48297edb28940bdfa3fa1c48a

    SHA1

    bf5cae1057a0aca8bf3aab8b121fe77ebb0788ce

    SHA256

    07abd35f09b954eba7011ce18b225017c50168e039732680df58ae703324825c

    SHA512

    28c7bf4785547f6df9d678699a55cfb24c429a2bac5375733ff2f760c92933190517d8acd740bdf69c3ecc799635279af5d7ebd848c5b471318d1f330c441ff0

    Download Submit