Overview

overview

8

Static

static

7

c2a3e7049a...bf.exe

windows7-x64

8

c2a3e7049a...bf.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    134s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    06-07-2024 11:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c2a3e7049aa6dc5b8c7fa7874d70ec5a00f949741504c301a4e527168e2c45bf.exe

  • Size

    1.3MB

  • MD5

    3c086ba52c378dde10453862407a896c

  • SHA1

    5f01625c426cfa1fcfde5957eb09e44f63a79c36

  • SHA256

    c2a3e7049aa6dc5b8c7fa7874d70ec5a00f949741504c301a4e527168e2c45bf

  • SHA512

    8528c2410aa363b4e9c5147fd9f11aa6ba8b740954dcffb802a791c3e9ab8c27ac1ae0b8fffe4fff84646a7a3ab66a6ae8ee54164e0085c9fc534a2b00d773b5

  • SSDEEP

    24576:Qak/7Nk4RZOqKZu0zoFmDcpii9iGn+66rLfJIgtEqPILWz8oDqE:Qak/KZu+k0WdEacJRIo+E

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c2a3e7049aa6dc5b8c7fa7874d70ec5a00f949741504c301a4e527168e2c45bf.exe
    "C:\Users\Admin\AppData\Local\Temp\c2a3e7049aa6dc5b8c7fa7874d70ec5a00f949741504c301a4e527168e2c45bf.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1952
    • C:\Users\Admin\AppData\Local\Temp\c2a3e7049aa6dc5b8c7fa7874d70ec5a00f949741504c301a4e527168e2c45bf.exe
      "C:\Users\Admin\AppData\Local\Temp\c2a3e7049aa6dc5b8c7fa7874d70ec5a00f949741504c301a4e527168e2c45bf.exe" Master
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2524
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2252
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2252 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1472

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ff57191376e03605da0278b9f1ddc219

    SHA1

    4e6639c7ce4711d4590a061cda0f8d73afff3e11

    SHA256

    ce365c01d5b28e37732e668396424956ed14703869a7bd47c77c1fe32172f3f7

    SHA512

    7869214c9f56c1807195f6637c8614165eec17ec52333dc2ae500bfaf0eaf33c14afdc53b41069020a87a918e44dcbdf4ef449588c7891d359a0489f179b6a9b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72d9738137c4f1e64c6ea3c4087a362b

    SHA1

    f858f79e6a9365109842274b7af0f189a1d0cf81

    SHA256

    feb82fdd8b5824ce971abeadbb636c9de400695602437fa5b616ecf9b8e43e42

    SHA512

    e6f822bbb2c4760d580bbc83958458f666b05d5bd2aafd0ab159b1dc098e498e0594073782ad6f7e8ed7dc37258306499510dde546e847b3ab93065317dfffd2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ce77f38d13884ea6c19d0da508d55317

    SHA1

    2ddf9f098f4037ac90a9668e094f96e2d573d544

    SHA256

    3d2af1cfed83522386ca4966777574dc344204797444320fbe1eb3efd43d01ed

    SHA512

    dd5bc2da04d731f763d45bcf31ee3d0d2e17d3a954a27ab655e74df9db952cb6e503e02b6c1f765a231f0443465d8d5fd6156e3fd16fc70f551f7a31b2c77e6e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    878afcba5cbe2898134b14071e5418f8

    SHA1

    f9a751b55452f11c9d14f339cb700628874eb48e

    SHA256

    eba193f18e1191052eb49d6d3545c50a8e1b2398b0f0b2275f515d9e8ba76d55

    SHA512

    a18f23eb9c6d282b4b5c65e36f50f37829c68276c018e1eca51e0d070e60ce892a8e1f292de8a3df408202a8d2a4af024862e03f3f24b350f44623302783b9fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b5dd3c78ec246cc46db783ec09e6c70

    SHA1

    b3c5d2251bee16c6eed192af334e3557689b6422

    SHA256

    a05b1d45a0992a3a481354ff57797860e7232b0a65eb60a4ea5e93ab2c4f7e24

    SHA512

    2acecfe5fd473b8dbcd972fc6ff227ee40b29fb25825bd69ef5a96a71b1b2504df768c700a9c5c77f3fa26aefb5a116985ffc9fcd2a7831cdbbfe55ded7ce103

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b76ad92361420776483abdfb9a04d880

    SHA1

    8eb2a7849bb036a7453ae5de471ada064bbb8fc3

    SHA256

    ab5151e2d68d67722423601dafcb3ff0dada6828bed7b4b3cce732aaa2c11423

    SHA512

    67b3d859a2c34846c2f303fbb3286da7ee76b4806fb0096439498efcb7c4461ddc1e2093ce6c19ad7e3d32a24bd447f4fdd2ad825a1f4ede15e183f321bf7cd3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    816422a4b72a2399e269019cf13669c7

    SHA1

    75b67253fdf5d50236dd5d74bb97f68880ae3fcb

    SHA256

    3daa0f1a71703d9a8d11bf000c1a2efbe7a7b5cbd7b553233e37bf023093d8bc

    SHA512

    1046246012ea01245169d707480da174efb5871b6cad836fa4b6449a7d0ea8eb249ca374662714698e56488c648f6c4c271df1b63e929fe812f9e9a24a2f76eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    639d519eb54e43fcd18060c9db095e7f

    SHA1

    1dd9bb57a2e5dad4e6c961aa781307574925ac99

    SHA256

    f997107987e211c86a28f2cc0fd39290922b9d27a709344185692bfb8baad758

    SHA512

    5c81c73c6cd010c233569184e4c72661610c0c7bde42b6ff7fd913f2a1b806fece8722d2512b39b640dc0eec97280d641c2b72249d6b41a44a190c25ed3f20f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    adbb845456260c92fac2147f89cb6a18

    SHA1

    e02c4a122fa9a9aaafa8c95f50ce641266e06418

    SHA256

    69c846c861e44711747092604550759a35e79a3f4c0abb84f502151c1a161d3e

    SHA512

    e15c7c49861cd1aaaa64a6c2f3b60afd460862610b73e706e8d58631daa83b84a0818384c6158ccc8974da7dfdf482988e92a410ce03c6b95ad52c47518e8c16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    86d000249e18b393547f3a48a02564f3

    SHA1

    0a39885fa682b978a03a7541f754c678752713b2

    SHA256

    b199bb5e756187eae5df74c0b4a5a8d90e9ff25ada8a1a5d3c76e64b259769d2

    SHA512

    0a405019dea2157732da4aca915f33fdad885fe030f5fb54e968604a7d4bff1f01c8ccfbdd963049c48ec37ed65f8b8e41dd97e32b8746cd76cb1523ec9629f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b915a43879d936ed50f2f4237bab23e6

    SHA1

    829b36493cf6412b585b424fa9fbc5beda898c19

    SHA256

    77a4ec5601d7a227a25ff2db5f3520be2d62dd7c83641458ab61b5022e729bb8

    SHA512

    76fe2b95f358e422b802d9954ef0788a065e8626ce24f10d3e1cd9e3ad8e9a12480139515f0bd3729d0fa4b74645d725cea0a70a966cbb06867576b17d902c92

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    67c825fe04b4cb9487c84eed1c38a608

    SHA1

    87f7d2923d7bbc75ba1ef51f09220db4714992b6

    SHA256

    390c68ea2cca97199f6c9d6b37493703098f730bf533c09f2448411ea5485229

    SHA512

    d8a316fbaad226c3a25820cb44b3292621d1b949d110cedddcf41b1c78579b11d8129eb12405478cf16d56ca23cb7697afb5e5887f3bb3e811d042b421d5fecb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6f8e3e03b2d803df2634eb88886ed8ee

    SHA1

    fe1a4dda3608ab3cdca8adf6d5d793793bb73590

    SHA256

    75a97746ba0000609caf130e01dfea411621528ba88db54e3cc5c98016617b9d

    SHA512

    8cea6ad8cfdd6f2a51f2edc75f0e5817a89a01d0ae659b0146dac855922551472f02b6edbf9f9901f5c6da399d4a3d00e149e81d0ed9dcdce5c8b5f9c0b3bd0d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ec30b3bd40bccbe63e01adc2258c285c

    SHA1

    09abde08abc5a6896f233ea4fa13610f92fb7d30

    SHA256

    bc6c712c5c58799782d37cb79832258d1558bbc8f6f78b8168433b4df351e10a

    SHA512

    22d01ab5bf647612d7d546c46ec75d9dc5c5480fb9f99258169e5a4250ce191b1bf25cda98f932ba036d92c29c832c3aff1958733471caea8aafc4a65ed8462d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    29b85b7cf523cf851929470760c6a994

    SHA1

    61d0056faf61f90878f3d84c1bac8ea0b885fb80

    SHA256

    fb12204f8110ce65c594807608f82359f350d33852b90bc5aad055f02444750e

    SHA512

    5aa388f3c8a1859a80a409ed6a438ba6634cd278c5a2940a2f38ed1807e50776d7c3fb4f38bc4ebb2119beef1c64ae42666252e9ace5bf6e130b80f36b615142

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f7feb8b4459043570c41062119b1e122

    SHA1

    100aa33c468b1d8c9dbf6fdad49d57c77ab9ef71

    SHA256

    facefc682d9dd223ff3aa58538506a5df985398401ee1ef9fe83f0ebc088891e

    SHA512

    57030336c41cfb597ea308fa16c10d13635d5369f57407fa82d4c65248ae90a04fb0fee470305b4f5bb78761e52f2030ef373804a912ec94036da9843026d4f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9fb08d739a6db7e832014ded742d1e6d

    SHA1

    04b0b0062c851b7e14d9a69e0b5718105a44aaac

    SHA256

    3823094daec182419f6d25199e1695de0d18498597cae0da4f9957f40f21c17d

    SHA512

    298f27e91a673ffff309ace65a3ce65a2a626196a8a46050880267ecf26a65dc4d5365e5145348f7d77a76946f98dd94a7b77834f97fe2e65c8295d8afd0856a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b2d57c7636583d8e4b32b8b7f3df1004

    SHA1

    4f41e04d1d8d852fd0f549d41c70b52d731998ca

    SHA256

    1b2c6a02b787b656f95cce26850a7bf286c198ac526020633335d5492e26ae4b

    SHA512

    506f8de94fa333ca072a628b9108d4c19dfbada9ac85ab52ea3d4625b2a73885c753810fab98c2938dba3e2133de1092efc16e6d35d225ca24ef409807587736

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    209273dd350fbdbf0cc2412aa6f31cc8

    SHA1

    5c968695ccb21cd20d905f42514fa698257bb064

    SHA256

    e7141494f772801efc521a2dbfb2ff832a3cdbd5d2ff14981e2b5bfe58b6da3b

    SHA512

    f8b1c9843668991707a7f838f8d15f18ddbf91aa505a87dbf7dfa00e9f04c25aa2efec2c5d9254b78fb6426f5ec8dea51409f7f3cd9adaaa20815a9111808c4d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6866.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6925.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1952-1-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1952-2-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1952-0-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1952-3-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1952-4-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/1952-5-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1952-12-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2524-7-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2524-6-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2524-13-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2524-16-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2524-11-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2524-10-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2524-8-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2524-17-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2524-18-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2524-19-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2524-20-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2524-23-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download