Overview

overview

10

Static

static

10

4193f57c71...93.exe

windows7-x64

9

4193f57c71...93.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/06/2024, 20:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4193f57c71a4c5a46fb50bbadee6e9d1786bba4820f17da52bbd0b741e311693.exe

  • Size

    387KB

  • MD5

    6a83e0018512174846a87c577db58ba2

  • SHA1

    91e67bb940eb4736aca57e93f9251cc21816e7fd

  • SHA256

    4193f57c71a4c5a46fb50bbadee6e9d1786bba4820f17da52bbd0b741e311693

  • SHA512

    52032a277a6c5f204efce6b122c453c08bcc9bb47b1f486d27a328e197163f24abef622744879dadc69ea4d771e4b1f8e925c6556014d9177f0e5dad12dd9a85

  • SSDEEP

    6144:/rTfUHeeSKOS9ccFKk3Y9t9YZjuiYz1MpA5nL:/n8yN0Mr8ZjtI1z5nL

Score
9/10
persistencespywarestealer

Malware Config

Signatures

  • UPX dump on OEP (original entry point) 20 IoCs
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4193f57c71a4c5a46fb50bbadee6e9d1786bba4820f17da52bbd0b741e311693.exe
    "C:\Users\Admin\AppData\Local\Temp\4193f57c71a4c5a46fb50bbadee6e9d1786bba4820f17da52bbd0b741e311693.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1496
    • C:\Users\Public\Microsoft Build\Isass.exe
      "C:\Users\Public\Microsoft Build\Isass.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:4160
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3668 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:872

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Public\Microsoft Build\Isass.exe
            Filesize

            387KB

            MD5

            6a83e0018512174846a87c577db58ba2

            SHA1

            91e67bb940eb4736aca57e93f9251cc21816e7fd

            SHA256

            4193f57c71a4c5a46fb50bbadee6e9d1786bba4820f17da52bbd0b741e311693

            SHA512

            52032a277a6c5f204efce6b122c453c08bcc9bb47b1f486d27a328e197163f24abef622744879dadc69ea4d771e4b1f8e925c6556014d9177f0e5dad12dd9a85

            Download Submit

          • C:\odt\office2016setup.exe
            Filesize

            5.5MB

            MD5

            0d87f9b022eb9de5206b939610f91c15

            SHA1

            af088d0b3a9888fb244affa76c327645137a3c11

            SHA256

            fa975a3766239301aaf689c23ffd13194e241cafc1afdfef04718cac2eae4b34

            SHA512

            a8f11e25dd3d8bf8e938425dc1a5692ebf7d000f9a6b2686aebf05448cea124f47717a043fcc774551bd3f12f0bcaa0d2c049caba9d06732fc7142e2185b48b0

            Download Submit

          • memory/1496-8-0x0000000000400000-0x00000000016A8E52-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/1496-0-0x0000000000400000-0x00000000016A8E52-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/1496-1-0x0000000001AA0000-0x0000000001AA1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4160-21-0x0000000000400000-0x00000000016A8E52-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4160-28-0x0000000000400000-0x00000000016A8E52-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4160-10-0x0000000000400000-0x00000000016A8E52-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4160-13-0x0000000000400000-0x00000000016A8E52-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4160-17-0x0000000000400000-0x00000000016A8E52-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4160-7-0x0000000001A50000-0x0000000001A51000-memory.dmp

            Filesize

            4KB

            Download

          • memory/4160-6-0x0000000000400000-0x00000000016A8E52-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4160-22-0x0000000000400000-0x00000000016A8E52-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4160-27-0x0000000000400000-0x00000000016A8E52-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4160-9-0x0000000000400000-0x00000000016A8E52-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4160-34-0x0000000000400000-0x00000000016A8E52-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4160-38-0x0000000000400000-0x00000000016A8E52-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4160-45-0x0000000000400000-0x00000000016A8E52-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4160-46-0x0000000000400000-0x00000000016A8E52-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4160-54-0x0000000000400000-0x00000000016A8E52-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4160-55-0x0000000000400000-0x00000000016A8E52-memory.dmp

            Filesize

            18.7MB

            Download

          • memory/4160-64-0x0000000000400000-0x00000000016A8E52-memory.dmp

            Filesize

            18.7MB

            Download