Analysis
max time kernel: 146s
max time network: 150s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 08-07-2024 15:30
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20240220-en
General
Target: file.exe
Size: 2.4MB
MD5: 4090bcb4c36bf660e37c44041456c55d
SHA1: b2c2363a5b69c1393b62b03bac15e9fc4557c715
SHA256: 3729d0a825685cb3f1d22da6a41ad8f23ea9a44539f9e9f6d2bb9fcef1723013
SHA512: 0ce916ff673c9dedbfcdf3a5b29a8c0e46bfb87995c3fd0280a6660cbdcedc997ea974d5684c79edb726a5aca6e2631d63041d3d392d8f861d9a9a5b4e522182
SSDEEP: 49152:izS5HsWr2p7f3lDOErXH+W4BdeA2uViz9RRCyE9uDzW0C83M:izCtrwlDg3BJMGJ9u0aM
Malware Config
Extracted: stealc
Nice
http://85.28.47.30
url_path: /920475a59bac849d.php
Signatures

Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of NtSetInformationThreadHideFromDebugger (16 IoCs)
Processes: pid 2292 file.exe (16 entries)

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes:
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (file.exe)
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (file.exe)

Suspicious behavior: EnumeratesProcesses (1 IoCs)
Processes: pid 2292 file.exe

Suspicious use of SetWindowsHookEx (1 IoCs)
Processes: pid 2292 file.exe