Overview

overview

10

Static

static

10

Ovetyle.exe

windows7-x64

10

Ovetyle.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    93s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-07-2024 01:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Ovetyle.exe

  • Size

    110KB

  • MD5

    97fb7011e68cce8ef89862ca325c8993

  • SHA1

    9ae655971d3f829d70193308908f7380c736b981

  • SHA256

    e7069320a2fac5c84ec04d1964e30135e411af78b173385a47ee1bc293a60ead

  • SHA512

    e4d8cc10bec9db2b24702d1401a47d88e576a030ab7a2e0a3c609c6b559ebb6e9d6045dba6a4c5df11db685d0c537d68fb65cf83ec6745342580829b2ffa1060

  • SSDEEP

    1536:F68Vkur7aYynrb2hvUJCvql5wif1LB7g12YjyWBbteeT9TrCYT0PWMR:/yIaYynve2Cil5PffgplTrCYT0P1

Score
10/10
phemedronespywarestealer

Malware Config

Signatures

  • Phemedrone

    An information and wallet stealer written in C#.

    stealerphemedrone
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Ovetyle.exe
    "C:\Users\Admin\AppData\Local\Temp\Ovetyle.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2384
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
      PID:3056

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2384-0-0x000001C35F860000-0x000001C35F882000-memory.dmp
      Filesize

      136KB

      Download
    • memory/2384-1-0x00007FFFC7ED3000-0x00007FFFC7ED5000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2384-2-0x00007FFFC7ED0000-0x00007FFFC8991000-memory.dmp
      Filesize

      10.8MB

      Download
    • memory/2384-3-0x00007FFFC7ED0000-0x00007FFFC8991000-memory.dmp
      Filesize

      10.8MB

      Download