Overview

overview

7

Static

static

3

49eabe0b72...a0.exe

windows7-x64

7

49eabe0b72...a0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    06/07/2024, 05:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    49eabe0b72c309ee07a6198f775e91a0.exe

  • Size

    352KB

  • MD5

    49eabe0b72c309ee07a6198f775e91a0

  • SHA1

    1af17504125a1d2352bf7c8741c8c00690fd5e0a

  • SHA256

    440bdf8d2e91860287db883a05ba24d14782bce520de18900f8540335f0d85c8

  • SHA512

    92b0359975647447d9b446aa50938ab0773d219689dd1477931fea7a28abdcc0fe8f98839de07b37fbcabeb47ac89115129b420c5ef0eb86834ff3b6931d7430

  • SSDEEP

    6144:dXC4vgmhbIxs3NBBL2VYiOHfGiilpEkV+QVznZqh67Ew5fwliGS77uIhqxpK7+79:dXCNi9B98YiO/GwkTVjZ97EwlyS77uI4

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 10 IoCs
  • Drops file in Program Files directory 15 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\49eabe0b72c309ee07a6198f775e91a0.exe
    "C:\Users\Admin\AppData\Local\Temp\49eabe0b72c309ee07a6198f775e91a0.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2132
    • C:\Users\Admin\AppData\Local\Temp\49eabe0b72c309ee07a6198f775e91a0.exe
      "C:\Users\Admin\AppData\Local\Temp\49eabe0b72c309ee07a6198f775e91a0.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2616
      • C:\Users\Admin\AppData\Local\Temp\49eabe0b72c309ee07a6198f775e91a0.exe
        "C:\Users\Admin\AppData\Local\Temp\49eabe0b72c309ee07a6198f775e91a0.exe"
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:1280

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\Windows Sidebar\Shared Gadgets\american sperm [free] 50+ .mpeg.exe
          Filesize

          275KB

          MD5

          b5aa083a6390991650e73d53e13611d6

          SHA1

          b46307fa59e16fee9a5d7e0134cbca38415b25f1

          SHA256

          84d2abcf73ef2638f34c4d0be0052ea038afa0e8ac2c7fddb54d9115572d30f8

          SHA512

          8b94d3046e4c7b980238b249c68cf1aae298112302b8cfa088ced646d0f6701c65e5b302cce5a3400734848bd515b0d518d6ac62fb73d9dd4c57e8d472c11df5

          Download Submit

        • C:\debug.txt
          Filesize

          183B

          MD5

          6e741ee8c12607b63abf896ca9139a89

          SHA1

          71b7100b6fba59d0c8c1cb0c0bd08c105f6bbb9d

          SHA256

          4eda60097e9296293acd13b82ddc6a438548be7e50ddcd0f6e092b739b223ec9

          SHA512

          97db2d2bd4606d5a60b3168b47ac8b27aa9770d6d678e740fd9104e81b12f7f513aeed51a1211505086b54ad41be719b0b54e3fc2390fe33c31c403ec124712b

          Download Submit

        • memory/1280-88-0x0000000000400000-0x000000000042B000-memory.dmp

          Filesize

          172KB

          Download

        • memory/2132-0-0x0000000000400000-0x000000000042B000-memory.dmp

          Filesize

          172KB

          Download

        • memory/2132-63-0x0000000005C40000-0x0000000005C6B000-memory.dmp

          Filesize

          172KB

          Download

        • memory/2616-64-0x0000000000400000-0x000000000042B000-memory.dmp

          Filesize

          172KB

          Download

        • memory/2616-87-0x0000000004590000-0x00000000045BB000-memory.dmp

          Filesize

          172KB

          Download