Overview

overview

7

Static

static

3

06eb63c2c1...cf.exe

windows7-x64

7

06eb63c2c1...cf.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-07-2024 18:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    06eb63c2c1c340458210f4686c15033955499311f9f2477434e4a2bb38983ccf.exe

  • Size

    17KB

  • MD5

    90d47e2e5f4706b817082b4f3e2d7c68

  • SHA1

    d3fc7d6ec08417522eebe4b87dab4a1f5be94c5c

  • SHA256

    06eb63c2c1c340458210f4686c15033955499311f9f2477434e4a2bb38983ccf

  • SHA512

    31c4d096eacd3b038892a7fd0dc406e40514e15cd18b1ef375daa7292f97706df8d361a99de9a76ea60c73dcaf9352b5d6ab119acbf21b41a9a1c64ea09aa538

  • SSDEEP

    384:x+uPfoQ+DfYMzKdPEsOuubuEG3KHM2/wku+4i:IMAQ+BzWPEwnE+KHM2/wku+P

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\06eb63c2c1c340458210f4686c15033955499311f9f2477434e4a2bb38983ccf.exe
    "C:\Users\Admin\AppData\Local\Temp\06eb63c2c1c340458210f4686c15033955499311f9f2477434e4a2bb38983ccf.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Windows\svhost.exe
      "C:\Windows\svhost.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:3848

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
    Filesize

    338KB

    MD5

    88da2df2c78da9a500e884239e8cb998

    SHA1

    7b9deb95d5268bef78a4478a3c4bd37a29ad5adc

    SHA256

    e350f1bc7dd60fc3ffee0ad509e6c6c3b70389cb745049712cb097500fe9bbfb

    SHA512

    18bb556ab4ec4d4a6f6a2a488716bbe018b6b66b30b7d234283a2ea3d6da89bd6a65acf9663a0b45037f27cce33275532b8ff91bd39b0b452b934b7bda483e33

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\ypRyRxUg0zMyijZ.exe
    Filesize

    17KB

    MD5

    7c1a74ad6ca1ac33899dceddfce91d83

    SHA1

    5e54d633970eb728ab81b1ab30afbecdb6f00973

    SHA256

    1493c287e640a804500bd318c534c09f9855ef350df79178e88ac2afe270b151

    SHA512

    926dd5e883e98d04c88859f8834e6455851c52e1715327924216eed4c93e7e5980cbd853ee6ce9fd83f11334473b41c857237a8555385be6d9958907dbb06668

    Download Submit

  • C:\Windows\svhost.exe
    Filesize

    16KB

    MD5

    76fd02b48297edb28940bdfa3fa1c48a

    SHA1

    bf5cae1057a0aca8bf3aab8b121fe77ebb0788ce

    SHA256

    07abd35f09b954eba7011ce18b225017c50168e039732680df58ae703324825c

    SHA512

    28c7bf4785547f6df9d678699a55cfb24c429a2bac5375733ff2f760c92933190517d8acd740bdf69c3ecc799635279af5d7ebd848c5b471318d1f330c441ff0

    Download Submit