Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240508-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    30/06/2024, 03:13

General

  • Target

    a4351ac76b175114833ac92e9ee46dc9.exe

  • Size

    71KB

  • MD5

    a4351ac76b175114833ac92e9ee46dc9

  • SHA1

    c1ed2701f7dd187019a6256bf22da6e8cee9bb38

  • SHA256

    536e59d926a16555843c5c0eb4dc5d858e2b573e5d4e804ba1ff1f81e7507866

  • SHA512

    bc46365c86132255e58246a97e179555d898fa0cc9b4fed8af40ac58530995fd601307654c90a1ba71d39a2c6416766b962379e06464e507cf31fa8f95d44963

  • SSDEEP

    1536:Fc8N7UsWjcd9w+AyabjDbxE+MwmvlzuazTv:ZRpAyazIliazTv

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers commonly target data stored by web browsers, which can include saved credentials, cookies and session tokens.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a4351ac76b175114833ac92e9ee46dc9.exe
    "C:\Users\Admin\AppData\Local\Temp\a4351ac76b175114833ac92e9ee46dc9.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:820
    • C:\Windows\CTS.exe
      "C:\Windows\CTS.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:956
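The process tree above is a compact behaviour chain: a binary running from %TEMP% (PID 820) writes an executable into C:\Windows, sets a Run key, and launches the dropped file (CTS.exe, PID 956), which sets a Run key again. Note from the Downloads section that the original sample, CTS.exe and hA9VZRVvvAy9fPW.exe are all 71KB yet carry different hashes, so matching on the submitted file's hash alone would miss the dropped copies; the chain itself is the more durable signal. The following is an added example, not part of the sandbox output, of detection logic for that chain run over constructed Sysmon-style events (ProcessCreate ID 1, FileCreate ID 11, RegistryEvent SetValue ID 13). The event records are made up to mirror the tree; the Run key value name, the user SID and the parent PID of the first process are invented, and only the SHA256 of the dropped CTS.exe is taken from the report.

```python
"""Detection logic for the behaviour chain in the process tree above.

Added example, not part of the original sandbox report. The event records
below are constructed to mirror the tree (PID 820 dropping and launching
C:\\Windows\\CTS.exe as PID 956); field names follow Sysmon's ProcessCreate
(ID 1), FileCreate (ID 11) and RegistryEvent SetValue (ID 13) events. The Run
key value name, the user SID and the parent PID of the first process are
invented for the example.
"""
import re

# SHA256 of the dropped C:\Windows\CTS.exe, taken from the Downloads section.
DROPPED_CTS_SHA256 = "b43be87e8586ca5e995979883468f3b3d9dc5212fbfd0b5f3341a5b7c56e0fbc"

TEMP_DIR = re.compile(r"^[A-Z]:\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.I)
WINDOWS_EXE = re.compile(r"^[A-Z]:\\Windows\\[^\\]+\.exe$", re.I)
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)


def parse_hashes(field):
    """Turn Sysmon's 'MD5=..,SHA256=..' Hashes string into a dict (lower-case values)."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def detect(events):
    """Return (rule, pid, detail) tuples for every event that matches a rule.

    The rules correspond to the report's signatures: an executable written
    into C:\\Windows by a process running from %TEMP%, that dropped file then
    being executed by the process that wrote it, a Run key being set, and a
    process image whose SHA256 matches the known dropped file.
    """
    findings = []
    dropped = {}  # lower-case path of a dropped .exe -> PID of the writer
    for ev in events:
        eid = ev["EventID"]
        pid = ev["ProcessId"]
        if eid == 11:
            target = ev["TargetFilename"]
            if TEMP_DIR.match(ev["Image"]) and WINDOWS_EXE.match(target):
                dropped[target.lower()] = pid
                findings.append(("drops_exe_in_windows_dir", pid, target))
        elif eid == 1:
            image = ev["Image"]
            writer = dropped.get(image.lower())
            if writer is not None and ev["ParentProcessId"] == writer:
                findings.append(("executes_dropped_exe", pid, image))
            hashes = parse_hashes(ev.get("Hashes", ""))
            if hashes.get("SHA256") == DROPPED_CTS_SHA256:
                findings.append(("known_dropped_file_hash", pid, image))
        elif eid == 13:
            key = ev["TargetObject"]
            if RUN_KEY.search(key):
                findings.append(("adds_run_key", pid, key))
    return findings


# Constructed events mirroring the process tree; these are not captured logs.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 820, "ParentProcessId": 4312,  # parent PID invented
     "Image": r"C:\Users\Admin\AppData\Local\Temp\a4351ac76b175114833ac92e9ee46dc9.exe",
     "Hashes": "SHA256=536e59d926a16555843c5c0eb4dc5d858e2b573e5d4e804ba1ff1f81e7507866"},
    {"EventID": 11, "ProcessId": 820,
     "Image": r"C:\Users\Admin\AppData\Local\Temp\a4351ac76b175114833ac92e9ee46dc9.exe",
     "TargetFilename": r"C:\Windows\CTS.exe"},
    {"EventID": 13, "ProcessId": 820,  # SID and value name invented
     "TargetObject": r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run\Example"},
    {"EventID": 1, "ProcessId": 956, "ParentProcessId": 820,
     "Image": r"C:\Windows\CTS.exe",
     "Hashes": "MD5=f9d4ab0a726adc9b5e4b7d7b724912f1,SHA256=" + DROPPED_CTS_SHA256},
    {"EventID": 13, "ProcessId": 956,
     "TargetObject": r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run\Example"},
    {"EventID": 1, "ProcessId": 1200, "ParentProcessId": 4312,  # benign control event
     "Image": r"C:\Windows\System32\notepad.exe", "Hashes": "SHA256=0000"},
]

if __name__ == "__main__":
    for rule, pid, detail in detect(SAMPLE_EVENTS):
        print(f"{rule:28} pid={pid} {detail}")
```

Run against the constructed events, `detect` reports the drop into C:\Windows and the Run key write for PID 820, then the execution of the dropped file, the hash match and the second Run key write for PID 956, and nothing for the benign notepad event. The "executes dropped EXE" rule is keyed on the writer's PID rather than on the file name, so it also fires when the dropped name is randomised; the hash rule is the weakest of the set for the reason noted above.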

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml

    Filesize
    394KB

    MD5
    af6d622dc1863d34ef272d4a0c3f7d14

    SHA1
    85841dc3f53524199bac6cadce70ee47170d564d

    SHA256
    9ab232ef685e4c43d50e823097efc1f157413176f0781823984471108dd9b263

    SHA512
    cbaf73aef2baa11f8ff54777e86d8bf12d25fea861cfae11e770070e8616c45be734f392b9e051850f0d0440f3a0144721603ad43b23e9ed33cca009abfafb18

  • C:\Users\Admin\AppData\Local\Temp\hA9VZRVvvAy9fPW.exe

    Filesize
    71KB

    MD5
    9effe615150365eae7e25f251f139414

    SHA1
    d5745a69ff7cb75b7b58744aa0882cdc8b0d94c9

    SHA256
    ad846998edd472fc8f343e81f62b9ad8a00914792a4f35bd7d2fa1d3295416e5

    SHA512
    680026e8d30050dba5b2b9acc9230889b2784a8ceb5eb138a29eaaa32de5f92b32069ca4a7c16e142d99f193fcc16ac338a1c106bb4880aac92f6a6f911c8017

  • C:\Windows\CTS.exe

    Filesize
    71KB

    MD5
    f9d4ab0a726adc9b5e4b7d7b724912f1

    SHA1
    3d42ca2098475924f70ee4a831c4f003b4682328

    SHA256
    b43be87e8586ca5e995979883468f3b3d9dc5212fbfd0b5f3341a5b7c56e0fbc

    SHA512
    22a5f0e4b2716244e978ee50771823926f86baf0382ece48fd049f039cf77b5eb0691d83c61148903cff081fdbea969f47b8ed521647717f42bbed5c64552432