Overview

overview

7

Static

static

3

9d08562849...15.exe

windows7-x64

7

9d08562849...15.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    16-06-2024 00:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9d0856284929b3636ba00ee3f3b848d80312e076eb1d0dec125cbb3e389f5c15.exe

  • Size

    2.0MB

  • MD5

    b1e962e0aced0fecd607585e68525a10

  • SHA1

    8a9eebbee5a90504f296d67d34079c9a6c602c10

  • SHA256

    9d0856284929b3636ba00ee3f3b848d80312e076eb1d0dec125cbb3e389f5c15

  • SHA512

    056d5886b6ba4cbe8b525689f9461f25ca83873076c97d85e4ccf95b08e08f65313cf1675b67ff0bf8f85b27a699a16b3e60f8f35da2597b4bbcded0f200cc2e

  • SSDEEP

    6144:7rb74D5EJNqOZQl3pOESErIOXoLbpCNr49+gOB+k6WQUoig934jrkolLyZH:Hb7q5EJNysCxXoLbmBBBIWloig5N+Ly

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 15 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1208
      • C:\Users\Admin\AppData\Local\Temp\9d0856284929b3636ba00ee3f3b848d80312e076eb1d0dec125cbb3e389f5c15.exe
        "C:\Users\Admin\AppData\Local\Temp\9d0856284929b3636ba00ee3f3b848d80312e076eb1d0dec125cbb3e389f5c15.exe"
        2⤵
        • Adds Run key to start application
        • Enumerates connected drives
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1636
        • C:\Users\Admin\AppData\Local\Temp\9d0856284929b3636ba00ee3f3b848d80312e076eb1d0dec125cbb3e389f5c15.exe
          "C:\Users\Admin\AppData\Local\Temp\9d0856284929b3636ba00ee3f3b848d80312e076eb1d0dec125cbb3e389f5c15.exe"
          3⤵
            PID:2016

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\ose00000.exe
        Filesize

        150KB

        MD5

        edac5a9e8629403bad0502bb987d8577

        SHA1

        588d19c78a51cb2f6c7f92bbc234b7a24f431ad1

        SHA256

        c935ee4c162ab674f2597383f1b00d8abbab8542b74fb323b21cb10d8268399b

        SHA512

        689965c668eb51769b80743cb5df2aff76cbece888ae70c583c34d04fbaa2497548cdd2c769de0bf8148cceeea0641f06b5b2018b688eb2337dca0262e9f4f13

        Download Submit

      • memory/1208-6-0x00000000025D0000-0x00000000025D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1208-5-0x00000000025D0000-0x00000000025D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1636-127-0x0000000000400000-0x0000000000611900-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1636-487-0x0000000000400000-0x0000000000611900-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1636-467-0x0000000000400000-0x0000000000611900-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1636-381-0x0000000000400000-0x0000000000611900-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1636-1-0x0000000001FF0000-0x0000000002202000-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1636-215-0x0000000000400000-0x0000000000611900-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1636-449-0x0000000000400000-0x0000000000611900-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1636-0-0x0000000000400000-0x0000000000611900-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1636-240-0x0000000000400000-0x0000000000611900-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/1636-303-0x0000000000400000-0x0000000000611900-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2016-242-0x0000000000400000-0x0000000000611900-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2016-304-0x0000000000400000-0x0000000000611900-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2016-382-0x0000000000400000-0x0000000000611900-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2016-241-0x0000000000400000-0x0000000000611900-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2016-452-0x0000000000400000-0x0000000000611900-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2016-128-0x0000000000400000-0x0000000000611900-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2016-3-0x0000000000220000-0x0000000000221000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2016-468-0x0000000000400000-0x0000000000611900-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2016-2-0x0000000000400000-0x0000000000611900-memory.dmp

        Filesize

        2.1MB

        Download

      • memory/2016-488-0x0000000000400000-0x0000000000611900-memory.dmp

        Filesize

        2.1MB

        Download