Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/07/2024, 04:09

General

  • Target

    e74df388bb8dfd0718b2ac0b55f0a27224d927c98621e4e95f35ed8fe9008208.exe

  • Size

    1.9MB

  • MD5

    5506709b9a3f8ea50e876002c498ed1d

  • SHA1

    bd1a7a2c7def5bd09daf5d1db3f02961aea65d35

  • SHA256

    e74df388bb8dfd0718b2ac0b55f0a27224d927c98621e4e95f35ed8fe9008208

  • SHA512

    9dc0b7e34b3334f588de05991671f23c786cfddfa034ffa23525b12ddf14710770bef8e05361ac594d27ee3323b6c466b2515a9bca8c39f6f5e2476114989a88

  • SSDEEP

    49152:V+J4PXb3+G9rxXA346UfCxvmO663VQWzE+OEr:MwrxxXANlutW5OEr

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials, cookies and other profile data.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 10 IoCs
  • Drops file in Program Files directory 15 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e74df388bb8dfd0718b2ac0b55f0a27224d927c98621e4e95f35ed8fe9008208.exe
    "C:\Users\Admin\AppData\Local\Temp\e74df388bb8dfd0718b2ac0b55f0a27224d927c98621e4e95f35ed8fe9008208.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Users\Admin\AppData\Local\Temp\e74df388bb8dfd0718b2ac0b55f0a27224d927c98621e4e95f35ed8fe9008208.exe
      "C:\Users\Admin\AppData\Local\Temp\e74df388bb8dfd0718b2ac0b55f0a27224d927c98621e4e95f35ed8fe9008208.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1128
      • C:\Users\Admin\AppData\Local\Temp\e74df388bb8dfd0718b2ac0b55f0a27224d927c98621e4e95f35ed8fe9008208.exe
        "C:\Users\Admin\AppData\Local\Temp\e74df388bb8dfd0718b2ac0b55f0a27224d927c98621e4e95f35ed8fe9008208.exe"
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2684
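
The chain above is the same image relaunching itself twice (2856 to 1128 to 2684), with WriteProcessMemory flagged on the two parents only, and the memory dumps listed under Downloads show each parent holding a second 172KB region of exactly the image's size at a high address. The Python below is an added triage helper, not part of the report or of the sandbox's tooling; its event records are constructed from the PIDs, flags and dump regions shown on this page. It rebuilds the tree, follows self-spawn links whose parent wrote into process memory, and checks whether the parent also holds a region the size of the child's image. That correlation is a lead for the analyst to confirm on the dumps, not proof that the child was hollowed.

```python
"""Triage helper for a self-relaunching process chain whose parents write into their
children (the pattern in this report's Processes section). Added example; the event
records below are constructed from the PIDs, signature flags and memory-dump regions
shown on the page, not pulled from the sandbox's raw log."""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

Region = Tuple[int, int]  # (start, end) virtual addresses of a dumped region


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    flags: Set[str] = field(default_factory=set)
    regions: List[Region] = field(default_factory=list)


IMAGE = (r"C:\Users\Admin\AppData\Local\Temp"
         r"\e74df388bb8dfd0718b2ac0b55f0a27224d927c98621e4e95f35ed8fe9008208.exe")

# Constructed from the report: the three PIDs, the flags each carried, and the
# memory regions the sandbox dumped for each of them.
PROCS = [
    Proc(2856, None, IMAGE, {"EnumeratesProcesses", "WriteProcessMemory", "AddsRunKey"},
         [(0x00400000, 0x0042B000), (0x04A40000, 0x04A6B000)]),
    Proc(1128, 2856, IMAGE, {"EnumeratesProcesses", "WriteProcessMemory"},
         [(0x00400000, 0x0042B000), (0x04CE0000, 0x04D0B000)]),
    Proc(2684, 1128, IMAGE, {"EnumeratesProcesses"},
         [(0x00400000, 0x0042B000)]),
]

IMAGE_BASE = 0x00400000  # default load address of a non-relocated 32-bit PE


def region_size(region: Region) -> int:
    start, end = region
    return end - start


def base_region(proc: Proc) -> Optional[Region]:
    """The region mapped at the image base, i.e. the process's own PE image."""
    return next((r for r in proc.regions if r[0] == IMAGE_BASE), None)


def self_spawn_chains(procs: List[Proc]) -> List[List[Proc]]:
    """Follow parent->child links where the child runs the same image as the parent
    and the parent was seen calling WriteProcessMemory. Returns chains of length >= 2."""
    by_pid = {p.pid: p for p in procs}
    children: Dict[int, List[Proc]] = defaultdict(list)
    for p in procs:
        if p.ppid is not None:
            children[p.ppid].append(p)
    chains = []
    for root in (p for p in procs if p.ppid not in by_pid):
        chain, cur = [root], root
        while "WriteProcessMemory" in cur.flags:
            same = [c for c in children[cur.pid] if c.image.lower() == cur.image.lower()]
            if not same:
                break
            cur = same[0]
            chain.append(cur)
        if len(chain) >= 2:
            chains.append(chain)
    return chains


def staged_copy_links(chain: List[Proc]) -> Dict[Tuple[int, int], bool]:
    """For each parent->child link, True when the parent also holds a region away from
    the image base that is exactly the size of the child's image region. That is what
    a parent staging a copy of the PE before writing it into the child looks like."""
    out: Dict[Tuple[int, int], bool] = {}
    for parent, child in zip(chain, chain[1:]):
        child_base = base_region(child)
        if child_base is None:
            out[(parent.pid, child.pid)] = False
            continue
        want = region_size(child_base)
        out[(parent.pid, child.pid)] = any(
            r[0] != IMAGE_BASE and region_size(r) == want for r in parent.regions)
    return out


def triage(procs: List[Proc]) -> List[dict]:
    """One finding per chain: the PID path and which links show a staged copy."""
    return [{"pids": [p.pid for p in chain], "staged": staged_copy_links(chain)}
            for chain in self_spawn_chains(procs)]


if __name__ == "__main__":
    for finding in triage(PROCS):
        print(finding)
```

On the report's data this yields one chain, 2856 to 1128 to 2684, with both links showing a staged copy of 0x2B000 bytes (the 172KB the dump list reports). To confirm what was written, diff the parent's high region against the child's image-base dump and look at the entry point; the sandbox dumps are enough for that.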

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\german beast full movie 50+ .zip.exe

    Filesize

    1.4MB

    MD5

    c2ce64a9a5120e341512e521aa3b9bad

    SHA1

    415890a4ceee809f3611e3cf48871ac3d9a88359

    SHA256

    5e40d8db9de61116540a1158ba3d065ddb9c5ebfda03e267af9264574035d586

    SHA512

    374cf3b4b5435de95ed43e82dd88d3838248a9eb61c9f4abd1bfbe601c8c36276e4a120359c9938e30581a0332f852dcbc9cd0a632db36484bf0fcdc3504a344

  • C:\debug.txt

    Filesize

    183B

    MD5

    3e99bb337661e4077a0c1a9549eb0df8

    SHA1

    166bd2c72311aa843e5ef9517a8960828a002f9c

    SHA256

    89abc871e13cb95e748f632acf729feb6e20975aed046f592a76ff38dd927969

    SHA512

    df49245f6cde37f8e1412b375ee0d2bcde73e972dbcd50095c11541092044fa922c14736ccbfb8ea0080fd6b1c73085dcdf1e990c9e0df8d6d404ad9202f19d3

  • memory/1128-16-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

  • memory/1128-56-0x0000000004CE0000-0x0000000004D0B000-memory.dmp

    Filesize

    172KB

  • memory/2684-57-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

  • memory/2856-0-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

  • memory/2856-15-0x0000000004A40000-0x0000000004A6B000-memory.dmp

    Filesize

    172KB
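
The first dropped file is a double-extension lure (a ".zip.exe" with a movie-style name) written into an Adobe Reader template directory, the kind of artifact worth hunting for on other hosts. The Python below is an added example, not part of the report: it hashes files the way the report does (MD5, SHA-1, SHA-256), matches SHA-256 against the values listed above, and also flags double-extension names so that a copy which no longer matches by hash is still surfaced. The scanned tree is constructed in a temporary directory, and the lure's placeholder bytes are not the real sample, so it matches by name only; the list of inner extensions is an assumption chosen to cover common lure names.

```python
"""IoC hunt for this report's dropped files. Added example, not part of the report:
hashes every file under a root, matches SHA-256 against the values listed above, and
flags double-extension lure names. The scanned tree is constructed in a temp dir."""
import hashlib
import re
import tempfile
from pathlib import Path
from typing import Dict, List

# SHA-256 values copied from the Downloads section of this report.
IOC_SHA256: Dict[str, str] = {
    "5e40d8db9de61116540a1158ba3d065ddb9c5ebfda03e267af9264574035d586":
        "german beast full movie 50+ .zip.exe",
    "89abc871e13cb95e748f632acf729feb6e20975aed046f592a76ff38dd927969": "debug.txt",
}

# "<archive or media extension>.exe": an executable pretending to be something else.
# The inner extension list is an assumption chosen to cover common lure names.
DOUBLE_EXT = re.compile(r"\.(zip|rar|7z|avi|mp4|mkv|pdf|doc|docx|jpg|png)\.exe$", re.I)


def digests(data: bytes) -> Dict[str, str]:
    """MD5/SHA-1/SHA-256 of a byte string, the three hashes the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def sha256_file(path: Path, chunk: int = 1 << 20) -> str:
    """Streaming SHA-256 so large files are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan(root: Path) -> List[dict]:
    """Return one hit per file that matches an IoC hash or a lure-style name."""
    hits = []
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        digest = sha256_file(p)
        name_match = DOUBLE_EXT.search(p.name) is not None
        hash_match = digest in IOC_SHA256
        if name_match or hash_match:
            hits.append({"path": str(p.relative_to(root)), "sha256": digest,
                         "name_match": name_match, "hash_match": hash_match,
                         "ioc_name": IOC_SHA256.get(digest)})
    return hits


def demo() -> List[dict]:
    """Constructed tree: a decoy named exactly like the dropped lure (placeholder
    bytes, not the real sample) next to a benign file."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        lure = root / "IDTemplates" / "german beast full movie 50+ .zip.exe"
        lure.parent.mkdir(parents=True)
        lure.write_bytes(b"MZ placeholder, constructed for this example")
        (root / "readme.txt").write_text("benign")
        return scan(root)


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

Run it against a real host with `scan(Path(r"C:\Program Files (x86)"))` and similar roots; a hit with `hash_match` True is the dropped file itself, while a `name_match` alone is a candidate to pull for comparison.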