Overview

overview

7

Static

static

3

e393a6b854...f1.exe

windows7-x64

7

e393a6b854...f1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-06-2024 10:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e393a6b8544f06fc82651ad2dbd6e364b0966fccb9273f77e1ddfd2a36b62ef1.exe

  • Size

    17KB

  • MD5

    48012bb0b4b1e3dc86debecb4ae48953

  • SHA1

    66689a48d44760b615867bd0a2bf8dff0c0544c8

  • SHA256

    e393a6b8544f06fc82651ad2dbd6e364b0966fccb9273f77e1ddfd2a36b62ef1

  • SHA512

    3eea8bcb7932b84f3c81cecd95038ce47dc1f0067b2c1ac60f22f50cbfc636b4e344cbff049753c2c0ae3690f0618bc6ca2edb95d60077f55964cfaf78256989

  • SSDEEP

    384:x+uPfoQ+DfYMzKdPEsOuubuEG3KHM2/ZJEzA:IMAQ+BzWPEwnE+KHM2/YzA

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e393a6b8544f06fc82651ad2dbd6e364b0966fccb9273f77e1ddfd2a36b62ef1.exe
    "C:\Users\Admin\AppData\Local\Temp\e393a6b8544f06fc82651ad2dbd6e364b0966fccb9273f77e1ddfd2a36b62ef1.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3504
    • C:\Windows\svhost.exe
      "C:\Windows\svhost.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:636

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
    Filesize

    338KB

    MD5

    080739917f49db99de953c1f82177bc5

    SHA1

    37189c99216e0d7f22d6077fde818284a922182c

    SHA256

    4870fccf5cab5fedc66d62465b55bb4ad05a6dd562215f262bf0a4d589265b42

    SHA512

    b88384584bdc4d445fef8e573166580d69f2a3aa45d4e6de6176e8660ef0fe4caa5734ff5cb4b47b330315f2796fb219233a26560396a369e21f6a1540f622d0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\vB2Pz7pZWrHEVBy.exe
    Filesize

    17KB

    MD5

    54568c6863bfa761a58436f870deee98

    SHA1

    1b0216f545c6bc9b2638dc37fcd16967507011c3

    SHA256

    ef51b85fb8952eb4b299d901d50d8191596dfadce5e5f093fce0f8664cd32ba1

    SHA512

    31d11001245aa9a85770017e7030c862a8fc50aef6453927ce55a7b0ec0dae0e3239e391067c6aeedf177e2393ad6e46872af562b767546134226b47fcf23b14

    Download Submit

  • C:\Windows\svhost.exe
    Filesize

    16KB

    MD5

    76fd02b48297edb28940bdfa3fa1c48a

    SHA1

    bf5cae1057a0aca8bf3aab8b121fe77ebb0788ce

    SHA256

    07abd35f09b954eba7011ce18b225017c50168e039732680df58ae703324825c

    SHA512

    28c7bf4785547f6df9d678699a55cfb24c429a2bac5375733ff2f760c92933190517d8acd740bdf69c3ecc799635279af5d7ebd848c5b471318d1f330c441ff0

    Download Submit