Overview

overview

7

Static

static

3

77ca61b0a1...41.exe

windows7-x64

7

77ca61b0a1...41.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    153s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/06/2024, 09:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    77ca61b0a1272eef1748090afab2905285a8a6ba8ba71ff302087eedb5810841.exe

  • Size

    273KB

  • MD5

    dac16cc836b331530ddd3fcee923bbcc

  • SHA1

    25dd9fdd506ffd633e908ae0e82c3d02c45ccb8c

  • SHA256

    77ca61b0a1272eef1748090afab2905285a8a6ba8ba71ff302087eedb5810841

  • SHA512

    bca50b17ead01e43cd955eb5a21168abaaa6af0003ee881b2f669fc830da4fa9d4868577fdd13fbb410db03dec60f2e0fa0abcb397415abbefc36ec8c5d01942

  • SSDEEP

    3072:jWhZ406dHnD61kLRkgUA1nQZwFGVO4Mqg+WDY:aZ40PkLRp1nQ4QLd

Score
7/10
spywarestealer

Malware Config

Signatures

  • Drops startup file 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 4 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3296
      • C:\Users\Admin\AppData\Local\Temp\77ca61b0a1272eef1748090afab2905285a8a6ba8ba71ff302087eedb5810841.exe
        "C:\Users\Admin\AppData\Local\Temp\77ca61b0a1272eef1748090afab2905285a8a6ba8ba71ff302087eedb5810841.exe"
        2⤵
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:3176
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$a2239.bat
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4028
          • C:\Users\Admin\AppData\Local\Temp\77ca61b0a1272eef1748090afab2905285a8a6ba8ba71ff302087eedb5810841.exe
            "C:\Users\Admin\AppData\Local\Temp\77ca61b0a1272eef1748090afab2905285a8a6ba8ba71ff302087eedb5810841.exe"
            4⤵
            • Executes dropped EXE
            PID:3892
        • C:\Windows\Logo1_.exe
          C:\Windows\Logo1_.exe
          3⤵
          • Drops startup file
          • Executes dropped EXE
          • Enumerates connected drives
          • Drops file in Program Files directory
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4700
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:3432
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              5⤵
                PID:2260
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3744 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8
        1⤵
          PID:4300

        Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
                Filesize

                2.1MB

                MD5

                712443c39bc161af4323d94fbb81f6bd

                SHA1

                de61a36dcceb38fd830694fd56e67a7970ffeff2

                SHA256

                4cfd04b66b8680ee97bb319f33cb88eb4c8db990163adec43558d9722c83099c

                SHA512

                35b53f2d75edaad4ad92642c8fa3a86b0a99b983b1c0a42c7b37dcc4b4f7f0a1a8e5ee490e13308fea8fd50be233f3c6b30573f766caa24b147c81bb6a642061

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\$$a2239.bat
                Filesize

                722B

                MD5

                962f24c2aeea462ed5cf59e5618f01af

                SHA1

                ec54749a659b2bbbb546d7c8fc221589c8e70854

                SHA256

                8ca7cd2380040f66682e9fe715a8c7516c252ac4afd241ff1fcbccf2f4d08c8f

                SHA512

                b84ac01fb3d977785e54e317419a463ad37155216a5ce08acd930dacdfaff101a361569b4e2a4f1011d0761ac65882b723c9e9d35b94c83308b94cf75c64eb37

                Download Submit

              • C:\Users\Admin\AppData\Local\Temp\77ca61b0a1272eef1748090afab2905285a8a6ba8ba71ff302087eedb5810841.exe.exe
                Filesize

                231KB

                MD5

                6f581a41167d2d484fcba20e6fc3c39a

                SHA1

                d48de48d24101b9baaa24f674066577e38e6b75c

                SHA256

                3eb8d53778eab9fb13b4c97aeab56e4bad2a6ea3748d342f22eaf4d7aa3185a7

                SHA512

                e1177b6cea89445d58307b3327c78909adff225497f9abb8de571cdd114b547a8f515ec3ab038b583bf752a085b231f6329d6ca82fbe6be8a58cd97a1dbaf0f6

                Download Submit

              • C:\Windows\Logo1_.exe
                Filesize

                42KB

                MD5

                b6222d6bd605e9f4ad4809c2b952b903

                SHA1

                3126fa33e0251155b035eba0396fc1cd22be2765

                SHA256

                1bef96ba1b19fbf84bbd502edd24b123282855c6659248635d82e50578499aab

                SHA512

                8927f28cf9e27939a6abf5214969f40621906f9071b5288b7cd3a1664043e38ed0a6e46dd8eade770aa2a0d830c362bc30e150f53ef60ee558b512872f820961

                Download Submit

              • F:\$RECYCLE.BIN\S-1-5-21-3808065738-1666277613-1125846146-1000\_desktop.ini
                Filesize

                9B

                MD5

                3b22ce0fee2d1aaf2c66dcd142740e29

                SHA1

                94d542b4bb9854a9419753c38e6ffe747653d91c

                SHA256

                8284772f28954a109c16f1583e6e34e29f06673b34e04f268bda961b57ba9f79

                SHA512

                efd4900a49624170e51ea401f0845634f49484a49335845258dc3d41a12e2022bf413a6751fcbcfd1ec68cde506f3363beae57f20e8eaca8b214d28baa138c5b

                Download Submit

              • memory/3176-11-0x0000000000400000-0x000000000044E000-memory.dmp

                Filesize

                312KB

                Download

              • memory/3176-0-0x0000000000400000-0x000000000044E000-memory.dmp

                Filesize

                312KB

                Download

              • memory/4700-43-0x0000000000400000-0x000000000044E000-memory.dmp

                Filesize

                312KB

                Download

              • memory/4700-18-0x0000000000400000-0x000000000044E000-memory.dmp

                Filesize

                312KB

                Download

              • memory/4700-8-0x0000000000400000-0x000000000044E000-memory.dmp

                Filesize

                312KB

                Download

              • memory/4700-590-0x0000000000400000-0x000000000044E000-memory.dmp

                Filesize

                312KB

                Download

              • memory/4700-1715-0x0000000000400000-0x000000000044E000-memory.dmp

                Filesize

                312KB

                Download

              • memory/4700-2270-0x0000000000400000-0x000000000044E000-memory.dmp

                Filesize

                312KB

                Download

              • memory/4700-3772-0x0000000000400000-0x000000000044E000-memory.dmp

                Filesize

                312KB

                Download

              • memory/4700-5309-0x0000000000400000-0x000000000044E000-memory.dmp

                Filesize

                312KB

                Download

              • memory/4700-6199-0x0000000000400000-0x000000000044E000-memory.dmp

                Filesize

                312KB

                Download

              • memory/4700-8336-0x0000000000400000-0x000000000044E000-memory.dmp

                Filesize

                312KB

                Download

              • memory/4700-8828-0x0000000000400000-0x000000000044E000-memory.dmp

                Filesize

                312KB

                Download