Overview

overview

7

Static

static

3

32a43ca1c4...50.exe

windows7-x64

7

32a43ca1c4...50.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    06-07-2024 02:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    32a43ca1c42bd173f3395cd3b2674750.exe

  • Size

    286KB

  • MD5

    32a43ca1c42bd173f3395cd3b2674750

  • SHA1

    e6acf8a0670bcc0217325ae0cd05dec57f2ba2d3

  • SHA256

    d31366f45935d41df509d979f639b2e1fbb3f7e04818aaf36d5102481f75698b

  • SHA512

    8a8c9e635ecaa109d6557d672f0348d012f42a0867ecf0f642dd288ab412043ff00f01b66e21286a32262ab3ff3f6d76d0694218d7e393ede8afb49c5408a309

  • SSDEEP

    6144:dXC4vgmhbIxs3NBBlc+eJhxatKx9lRyQVqdUh3IHnO2USJMEV5QQ1y60GCX:dXCNi9B/cvQt09by5yIHnO2NwQ1f0Gy

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 10 IoCs
  • Drops file in Program Files directory 15 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\32a43ca1c42bd173f3395cd3b2674750.exe
    "C:\Users\Admin\AppData\Local\Temp\32a43ca1c42bd173f3395cd3b2674750.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2136
    • C:\Users\Admin\AppData\Local\Temp\32a43ca1c42bd173f3395cd3b2674750.exe
      "C:\Users\Admin\AppData\Local\Temp\32a43ca1c42bd173f3395cd3b2674750.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2304
      • C:\Users\Admin\AppData\Local\Temp\32a43ca1c42bd173f3395cd3b2674750.exe
        "C:\Users\Admin\AppData\Local\Temp\32a43ca1c42bd173f3395cd3b2674750.exe"
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2964

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Windows Sidebar\Shared Gadgets\indian cumshot horse licking cock (Karin).zip.exe
    Filesize

    815KB

    MD5

    e3643577c3b87a4019c8c7f5f53a8439

    SHA1

    38f09151017375a08ff4b421f80ac66e4b8bbade

    SHA256

    5dfcbff642164d173608a6f1e7a211c90262236cf1584dc714db5258ed72ed30

    SHA512

    907c704a5da3765a0a57ee60112a2350ae8ee22426b49abf6addceaabd640b3bccf9761a229cf2bff5b725a74a5c72ae1c6f8cb449eb1447e1f2beef5fe9b024

    Download Submit

  • C:\debug.txt
    Filesize

    183B

    MD5

    52707ea274ea23de1639d478e0a0125c

    SHA1

    b4e8e7e05272603e73b6643c9bdb032e509c89f3

    SHA256

    73b81557182783a435d56e97e401daff5a353506f828f57c5d86422ad0d62d5b

    SHA512

    84cfa3755e9afb9d316c7f06676e159ca7449184960657083da141ca224fc5a2fdb1082a672bd49994dc07b906469e76cff28e5cc29eb266f46c91db1c4d3e01

    Download Submit

  • memory/2136-0-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2136-66-0x00000000053A0000-0x00000000053CB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2304-91-0x0000000004590000-0x00000000045BB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2964-92-0x0000000000400000-0x000000000042B000-memory.dmp

    Filesize

    172KB

    Download