Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-06-2024 03:41

General

  • Target
    11aeaa78da04dea7dea9d34806cdcb457232b646e8a682712070bff13be2bd88.exe
  • Size
    2.4MB
  • MD5
    fdc564b020ee312641077d39fa2ae1e3
  • SHA1
    9f99039618165996378e238a61589bfa4171a2f6
  • SHA256
    11aeaa78da04dea7dea9d34806cdcb457232b646e8a682712070bff13be2bd88
  • SHA512
    10320e7325513cb9ba93bc9d44bb815f802bb5a6ce6bd83a677c0e7b0e1733253ae013f3d4942909d0256372a8a0c5acae3d7d564e9a6dc376aba49c619fcdad
  • SSDEEP
    3072:/0V0+k0n1l/+qL7JbWNbjPR0CyMN/fQBqEcmn:8eJGhpWN5VpEx

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Runs net.exe
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1196
      • C:\Users\Admin\AppData\Local\Temp\11aeaa78da04dea7dea9d34806cdcb457232b646e8a682712070bff13be2bd88.exe
        "C:\Users\Admin\AppData\Local\Temp\11aeaa78da04dea7dea9d34806cdcb457232b646e8a682712070bff13be2bd88.exe"
        2⤵
        • Adds Run key to start application
        • Enumerates connected drives
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:1760
        • C:\Users\Admin\AppData\Local\Temp\11aeaa78da04dea7dea9d34806cdcb457232b646e8a682712070bff13be2bd88.exe
          "C:\Users\Admin\AppData\Local\Temp\11aeaa78da04dea7dea9d34806cdcb457232b646e8a682712070bff13be2bd88.exe"
          3⤵
          • Suspicious use of SetWindowsHookEx
          PID:2680
        • C:\Windows\SysWOW64\Net.exe
          Net Send * My god! Some one killed ChineseHacker-2 Monitor
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2860
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 Send * My god! Some one killed ChineseHacker-2 Monitor
            4⤵
              PID:1304

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\readme.eml
    Filesize: 14KB
    MD5: b10cad7b8a7d016bfb6730e4d0d8ab1a
    SHA1: 95c0da60ecdc629aa9c6cf7e3e6bf656acca5c7c
    SHA256: 6cfd1b79ecbbf3f463527b26ebb3a0ded6bffab8f42b3523c4d3d4be31d0d881
    SHA512: 315edf1977490bf1180fe9fbebeaaecfa65a9980c7fa6791c088b30a5350dd153421cd2653d0c6a35d8847553c80146e588d5afe52fa905fcc33a75f06f51bf6
  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
    Filesize: 12KB
    MD5: 8156706568e77846b7bfbcc091c6ffeb
    SHA1: 792aa0db64f517520ee8f745bee71152532fe4d2
    SHA256: 5e19cfbd6690649d3349e585472385186d99f56a94dc32d9073b83011cea85f8
    SHA512: 8760f26069296f0fe09532f1244d93a57db4cafa8d06aaa9dc981bcaed4bde05366ef21e6f0c1aadad4478382b59a4e43d26c04185cf2ed965901321d05604b8
  • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
    Filesize: 8KB
    MD5: 7757fe48a0974cb625e89012c92cc995
    SHA1: e4684021f14053c3f9526070dc687ff125251162
    SHA256: c0a8aa811a50c9b592c8f7987c016e178c732d7ebfd11aa985a8f0480539fa03
    SHA512: b3d4838b59f525078542e7ebbf77300d6f94e13b0bff1c9a2c5b44a66b89310a2593815703f9571565c18b0cdeb84e9e48432208aaa25dff9d2223722902d526
  • C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
    Filesize: 451KB
    MD5: 2860d9b7c4ebb9b23863236cfb4ac85c
    SHA1: ce17ebe18d7fd1c765437e7bfe8fbe7bb58306c1
    SHA256: 8118fc76ce954bb7260627ab81ac19e4f5505733fff240fab2f720ec338a4e32
    SHA512: 2f84033006ac1e9b57ecf4169eab0415e5aea4b2ffac62fab9082756b89317b7e91f23ec72cac0611ed95df2dc7b1bebb0e0f2513b160e4f2ef3e06850b21597
  • C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
    Filesize: 640KB
    MD5: 5d038456244b75fe5a043e259966fe1a
    SHA1: 93b94b37b7791af2c5b3c9764a29f834c7af813f
    SHA256: c1209733de478ba8dce66833bc4ba0feb63764a2626c469a99fe47aa72c4cb78
    SHA512: c0c504cdb9d7e9933826e170368fe817108d853d0c24800be9d35e35ec0086e64d314928a661538dfe9c219b3e22bc720842cc23bcded82bdc512c8c93a459d7
  • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
    Filesize: 640KB
    MD5: dd638bb8b1359af62a2db34ccce440b3
    SHA1: 602632cac9139b686abe2779f8197b41f0ad8918
    SHA256: 88e5ed638af9e4b156953f0cc239dc4f57b7a4a134870807c59cb39b1d035bd2
    SHA512: 8ff8bb684f6c5639ca91a41b1d98544245490c7fc5b6f62ea5b5e152cc3f620c29da54f3b1d824ecc0fa750b45b0c3d708c56df2d19ad47ed641a02f6bbdc0a8
  • C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe
    Filesize: 461KB
    MD5: 4ec65847bb767a6987f4d8ba8ee358dd
    SHA1: 616bff718f4533cdc2ac215781483417f6de7834
    SHA256: 7ce0fcf00fb395223697a635e0375f86f1db92826f676529afd2faf2920bb3b7
    SHA512: e5e33b1fde42fbce10bbf1578098588c25afb80e5fdcdd190a82a482e926fe107a2444a373305497a553d0f7ec62f704688ab7c6b3239b73f63ed5d213708f52
  • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
    Filesize: 451KB
    MD5: 48c4df804c6f45b5cc5de382d18af613
    SHA1: 4413f40050fdca5223e4d59b8c77edf7ba246fda
    SHA256: ebf42bf8feab3174d247c75cec83bee49c14f2e6956e672f09cfd623fad46277
    SHA512: 89f04f250c79619320c04eb52c3d9639e7c192cca2cdd2c05945b3e8bda38be69aea523316f508c25967501fac7fade60e209c669feda1c78ed8ffb3007259be
  • C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe
    Filesize: 461KB
    MD5: 4043643a3813973104f9ef5af241b4ab
    SHA1: f2ae464e4956538b174bd74926bee6b53243d35b
    SHA256: edcc944dce1973e89352411077796c77d586467b6b1e556352640c35f7c8f040
    SHA512: ad0e909f519eff5703e346d99a372adde457b3c5bbcbc87a221c2c5642254adff33829cffa3f9930dca27c8ec5c81501796cd103b2c5afb7207d0d6385f4c903
  • C:\Users\Admin\AppData\Local\Temp\ose00000.exe
    Filesize: 152KB
    MD5: d1e59a218485dbc4cb8aa8936c17b797
    SHA1: eef9b1b2a1df2df2d56a79dfdd449e66fd3f4a8c
    SHA256: 100594bcb7a36375ddf0205abbf92aee93f868136ff6d9413881ad3bc6b2455b
    SHA512: 76ef4823b71865edfb7355ee8eac34ec62514fe459056d18e388e9ee7f8fb8eb3454dab12704d13808d24d27e95ff848ac48e51b31b8188542413f7e4385a433
  • C:\Windows\SysWOW64\runouce.exe
    Filesize: 10KB
    MD5: b2478f2b68d438cd36708b011c288bc3
    SHA1: 8c70b1f86c2ad30d2b03b43bda4bda86cae6520a
    SHA256: f8600eff6fb84cb4e249822873acf2468c84adde8a29df2a9b775b426a395f74
    SHA512: 13d45652881dd7985b492ff5c1bbc9fceecd26c6d04d4959ce7aeaa0df18f6803e0429ad773981f6063374a7a0ff631c70709b0fb45403c73181585b9974b7c4
  • C:\vcredist2010_x86.log.html
    Filesize: 81KB
    MD5: 6c472e9cf991f78067e4c888af8e15e4
    SHA1: 831ba7ae423d030a9b2c9735de384f7badc04525
    SHA256: 5a598d7f16e3e198c9993e8eecc50db25cd62a8a39c2caf20eca0ca631ad5410
    SHA512: 8cbb9cd351d367e1e43ca3c4617a0ddacdcfa6bf0203038767c7adaf793bc5782fe91ef413cacf7a23db31024bca7f63e7e098a3f4749c0341c5aadaf192d17c
  • memory/1760-1-0x0000000002950000-0x0000000002BBA000-memory.dmp
    Filesize: 2.4MB
  • memory/1760-0-0x0000000000400000-0x000000000066A000-memory.dmp
    Filesize: 2.4MB
  • memory/2680-2-0x0000000000400000-0x000000000066A000-memory.dmp
    Filesize: 2.4MB
  • memory/2680-8-0x0000000000310000-0x0000000000311000-memory.dmp
    Filesize: 4KB
  • memory/2680-7-0x0000000000310000-0x0000000000311000-memory.dmp
    Filesize: 4KB
  • memory/2680-30-0x0000000000400000-0x000000000066A000-memory.dmp
    Filesize: 2.4MB
  • memory/2680-6-0x0000000000310000-0x0000000000311000-memory.dmp
    Filesize: 4KB