Overview

overview

7

Static

static

3

157cc5f326...0N.exe

windows7-x64

7

157cc5f326...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    104s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/07/2024, 22:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    157cc5f326b53d89fcad567f37205d20N.exe

  • Size

    22KB

  • MD5

    157cc5f326b53d89fcad567f37205d20

  • SHA1

    5bda06fb0f0cb03703a935aa8ffe3d66ef08b229

  • SHA256

    fbefed6726bf05a6ce4b27493abdfaa8249d2ddebb4c19364a19a96b3dfac7f9

  • SHA512

    dd243d19f0d6a27429c74f5b09779c8391fb656b49aa0f2b959134d62b489b2bbbcf4b37de7fb723c11c9d0eb973c5c2e7c5ee85057182064cfb0bef8aa1ce3d

  • SSDEEP

    384:x+uPfoQ+DfYMzKdPEsOuubuEG3KHM2/a6rf09FacDASGWCe:IMAQ+BzWPEwnE+KHM2/aT9FacDASGw

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\157cc5f326b53d89fcad567f37205d20N.exe
    "C:\Users\Admin\AppData\Local\Temp\157cc5f326b53d89fcad567f37205d20N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2700
    • C:\Windows\svhost.exe
      "C:\Windows\svhost.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2380

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml
    Filesize

    338KB

    MD5

    21e749a10632bac22d78a7d1237642b3

    SHA1

    89a67b649d16eb00220de48ffdd0b04f74c917f9

    SHA256

    ed2105b3dc6b213a230caf19d9b6774b0423e173140cd2b9cf54b2fe18d82538

    SHA512

    cee4d4255fce4a850b64653154e708a3084adef903052c66cf8b5f9017d09d6161f2ee1b2d78213bfd69396ac41159c5edf39ad16baf22800fa365794a958fa1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\r8Enbun1LbtTJXo.exe
    Filesize

    22KB

    MD5

    0f30b7a325defd9b723d21443cf8d602

    SHA1

    b8a05379b94ebc15d055c947a49cf2da03cce1f7

    SHA256

    debd30cc3af013c901b6c7a92933e83c55547a84745803e813e4a28685f03818

    SHA512

    279954c64dc46555ccea55a96b06333fad92662ab0bd42b8b8de9ea5b175f433dbf06ac443c484ff383560d120071929b052e020c614c79df0c31322928ec7da

    Download Submit

  • C:\Windows\svhost.exe
    Filesize

    16KB

    MD5

    76fd02b48297edb28940bdfa3fa1c48a

    SHA1

    bf5cae1057a0aca8bf3aab8b121fe77ebb0788ce

    SHA256

    07abd35f09b954eba7011ce18b225017c50168e039732680df58ae703324825c

    SHA512

    28c7bf4785547f6df9d678699a55cfb24c429a2bac5375733ff2f760c92933190517d8acd740bdf69c3ecc799635279af5d7ebd848c5b471318d1f330c441ff0

    Download Submit