Overview

overview

8

Static

static

3

73141311c6...ff.exe

windows7-x64

8

73141311c6...ff.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-07-2024 04:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    73141311c62e269e0c546e341d6c30030defdc3c2d893b0bcb36e77c0ca144ff.exe

  • Size

    33KB

  • MD5

    820143c947ab5434bd7b8c34ba5dc5eb

  • SHA1

    a5a2bf184cd3660354e5737bf3fce81b4ad48617

  • SHA256

    73141311c62e269e0c546e341d6c30030defdc3c2d893b0bcb36e77c0ca144ff

  • SHA512

    291081637d5f02a2b72d566ebca598b41f5eb080231923523b221f1e2a770341c1b73c3f3115c70018b30fef74e89738db4d670741a4eade1fadd9a5ca9e211e

  • SSDEEP

    768:JTJYmMUElOIEvzMXqtwp/lDTJg/MFksCRsd2u9C9MFWoVaZel:JT/aYzMXqtGN/CstC9qVF

Score
8/10
spywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Drops startup file 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 60 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:3396
      • C:\Users\Admin\AppData\Local\Temp\73141311c62e269e0c546e341d6c30030defdc3c2d893b0bcb36e77c0ca144ff.exe
        "C:\Users\Admin\AppData\Local\Temp\73141311c62e269e0c546e341d6c30030defdc3c2d893b0bcb36e77c0ca144ff.exe"
        2⤵
        • Drops file in Drivers directory
        • Drops startup file
        • Enumerates connected drives
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:4664
        • C:\Windows\SysWOW64\net.exe
          net stop "Kingsoft AntiVirus Service"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4496
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
            4⤵
              PID:1072
          • C:\Windows\SysWOW64\net.exe
            net stop "Kingsoft AntiVirus Service"
            3⤵
            • Suspicious use of WriteProcessMemory
            PID:1280
            • C:\Windows\SysWOW64\net1.exe
              C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
              4⤵
                PID:3840

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\dotnet\dotnet.exe
          Filesize

          177KB

          MD5

          47fc6287d9f8df8fe8022bf7161dccac

          SHA1

          eb50ec09e29b34825c6a13b981dbd2bf8853bca1

          SHA256

          95006f2d1a361f3c3265eb6636365da84af51cad00bd36e093b9aafafc74e6ef

          SHA512

          54cc4c49c41d28ea9047258981c41003b400d3bac3851f000e40a5ca65d6e7802100c9deed5faad4bd9d144bf1fb643070fe368a7ce7382d0ba07f0f1c0c774b

          Download Submit

        • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe
          Filesize

          644KB

          MD5

          0eec0543603f7a8ce8e8f5fee478e1d2

          SHA1

          f975d2b0358d8f138bdbaa04e433d85297f29c2f

          SHA256

          636c1c024e59354f13d9bb02fa8f3849112c4557ab790a37146b1c121e597b24

          SHA512

          cbcd9919c79180c43d588c27107dd04c04378da47df03cb27f072ee296e9c23a7690e3196b457dda14bcac96a38617f597c83a47a813a58c813f3affbd6a2a05

          Download Submit

        • F:\$RECYCLE.BIN\S-1-5-21-1176886754-713327781-2233697964-1000\_desktop.ini
          Filesize

          9B

          MD5

          1368e4d784ef82633de86fa6bc6e37f9

          SHA1

          77c7384e886b27647bb4f2fd364e7947e7b6abc6

          SHA256

          57507bed6cf91d70e66bd4cc287634889ef30b648cb7c44a4edec0e2cb68b772

          SHA512

          3cb7168e776eb564768e30eba43174014a85108ab306a7c07a1522fb42173c381a5bff9ac10944fd345dd5308061cbe2878c60d1e878f8768281c1adcf5dd85b

          Download Submit

        • memory/4664-0-0x0000000000400000-0x000000000043E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/4664-5-0x0000000000400000-0x000000000043E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/4664-5166-0x0000000000400000-0x000000000043E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/4664-8838-0x0000000000400000-0x000000000043E000-memory.dmp

          Filesize

          248KB

          Download