Overview

overview

7

Static

static

3

421cccf13b...22.exe

windows7-x64

7

421cccf13b...22.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    20/06/2024, 14:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    421cccf13b9a3986b1d693cf4402cc27f8113a371cbbe4278ae2cf8cd5c5f822.exe

  • Size

    17KB

  • MD5

    5aeed9d692f61029cd0b75863b55f33a

  • SHA1

    f66941b2a0d27ece6d62490493575e1a55ee6f61

  • SHA256

    421cccf13b9a3986b1d693cf4402cc27f8113a371cbbe4278ae2cf8cd5c5f822

  • SHA512

    fe08697c8f7c5acf88cf8c442de1f80d935fc527c5420d2426aa69f29cc1a6086cb6507eef41a2b4d352153902b1ddf8a1d749f4098af0e3d5a3dbc0f81cd2bd

  • SSDEEP

    384:x+uPfoQ+DfYMzKdPEsOuubuEG3KHM2/KLlR:IMAQ+BzWPEwnE+KHM2/KL3

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\421cccf13b9a3986b1d693cf4402cc27f8113a371cbbe4278ae2cf8cd5c5f822.exe
    "C:\Users\Admin\AppData\Local\Temp\421cccf13b9a3986b1d693cf4402cc27f8113a371cbbe4278ae2cf8cd5c5f822.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Windows\svhost.exe
      "C:\Windows\svhost.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2604

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\d7VBRlA0ziM85vV.exe
    Filesize

    17KB

    MD5

    da8c03ec49fbe6ccfa64752ed2a4cd33

    SHA1

    bb9eadda55a42b954bc57b1a6f8d4d7c3ece0e1d

    SHA256

    128291aa1cecc6764f42391b32f24685d79c60c50cc8dcb90c8671c262871532

    SHA512

    cc1bf1e9d453d887abceb03f15131d81c5af03775e1e58eb99f7ffdc5e93ee1c63294e58b6106835839e9fa262438947c643b3479235eaf0236e009c8df8da1d

    Download Submit

  • C:\Windows\svhost.exe
    Filesize

    16KB

    MD5

    76fd02b48297edb28940bdfa3fa1c48a

    SHA1

    bf5cae1057a0aca8bf3aab8b121fe77ebb0788ce

    SHA256

    07abd35f09b954eba7011ce18b225017c50168e039732680df58ae703324825c

    SHA512

    28c7bf4785547f6df9d678699a55cfb24c429a2bac5375733ff2f760c92933190517d8acd740bdf69c3ecc799635279af5d7ebd848c5b471318d1f330c441ff0

    Download Submit