Overview

overview

7

Static

static

3

56277419d7...6a.exe

windows7-x64

7

56277419d7...6a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/07/2024, 03:05

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    56277419d7975b27b2cd81cecaa59bc590f8156a3f1925a26170432276e5896a.exe

  • Size

    17KB

  • MD5

    43125c772073d414c2ce745dde6c7cb8

  • SHA1

    e5da61546d7fd60afdfa35e14baf8d4079304edb

  • SHA256

    56277419d7975b27b2cd81cecaa59bc590f8156a3f1925a26170432276e5896a

  • SHA512

    223ba397f8d3b298bd898974aa0d108afb7fb3b3859057ea4369511daef6972e698406e1b5c31f88b5ae7592fe1fdc86980cc0764d2bdb7bce48b355ce4a8809

  • SSDEEP

    384:x+uPfoQ+DfYMzKdPEsOuubuEG3KHM2/eeE:IMAQ+BzWPEwnE+KHM2/eeE

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\56277419d7975b27b2cd81cecaa59bc590f8156a3f1925a26170432276e5896a.exe
    "C:\Users\Admin\AppData\Local\Temp\56277419d7975b27b2cd81cecaa59bc590f8156a3f1925a26170432276e5896a.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4532
    • C:\Windows\svhost.exe
      "C:\Windows\svhost.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:4640

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
          Filesize

          338KB

          MD5

          ef5b39b3fec3a6685df77e1f70f0e237

          SHA1

          7443fe1302741db7d3c51cbaf02a6684636089ef

          SHA256

          782c33a2dc78fd6de8a88c5d6bae4ae1adb9707cb77f49c46f6434acac1fa8e2

          SHA512

          4e0749e3b351f1a43d576138671bc2524d72411a563076f73e5ca4af069dd3518b59d6cd2f45d697f18daf8478829979deb884e11707a6204307e9236f9977ae

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\vrS7XmyHCu676Eb.exe
          Filesize

          17KB

          MD5

          19295af9f6d4d03ca1bd1cbf13e05f7b

          SHA1

          6bfb87ab7260bee8f05cb9b1139dceb480c4acda

          SHA256

          0ab67d06ae2d2a5c3a925232bd8d21159bb4911c9c4df45eca958da201526f50

          SHA512

          d5a506ab1fadb811b003fe0610f1bce010aa33cedaa8462263d5b63469c2478cedff756c22ddfc7af2c9c177d6b3973c9dfed417f757667e44ad9f9dd596d2ef

          Download Submit

        • C:\Windows\svhost.exe
          Filesize

          16KB

          MD5

          76fd02b48297edb28940bdfa3fa1c48a

          SHA1

          bf5cae1057a0aca8bf3aab8b121fe77ebb0788ce

          SHA256

          07abd35f09b954eba7011ce18b225017c50168e039732680df58ae703324825c

          SHA512

          28c7bf4785547f6df9d678699a55cfb24c429a2bac5375733ff2f760c92933190517d8acd740bdf69c3ecc799635279af5d7ebd848c5b471318d1f330c441ff0

          Download Submit