c882557d69cd1db1090fb404707256c614bf7d0fe46c601238f3f99a4e2c219c

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 21:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c882557d69cd1db1090fb404707256c614bf7d0fe46c601238f3f99a4e2c219c.exe
Size

1.1MB
MD5

f1a680421f737526b10ec2142bfe0e1f
SHA1

157c6433e433fb7ad9a64ed3fb968e7e51981ee0
SHA256

c882557d69cd1db1090fb404707256c614bf7d0fe46c601238f3f99a4e2c219c
SHA512

d51684ea62cb9bc34912d14b10975f3ff25063df6d36164a57ffe22749db5f78fb820542e6d63a2a539e1984a6d4f27fce1a472bb35cebef200609d721886448
SSDEEP

24576:Sp9mNaOPOeZ4ZRQVxj3kWO1pgkysLbIqBcDu5GY/cj4coCYHb0YLF05:6vy4ZRQVZkDIqBR5GY/cUcoph+5

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	c882557d69cd1db1090fb404707256c614bf7d0fe46c601238f3f99a4e2c219c.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c882557d69cd1db1090fb404707256c614bf7d0fe46c601238f3f99a4e2c219c.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4996	c882557d69cd1db1090fb404707256c614bf7d0fe46c601238f3f99a4e2c219c.exe
4996	c882557d69cd1db1090fb404707256c614bf7d0fe46c601238f3f99a4e2c219c.exe

C:\Users\Admin\AppData\Local\Temp\c882557d69cd1db1090fb404707256c614bf7d0fe46c601238f3f99a4e2c219c.exe
"C:\Users\Admin\AppData\Local\Temp\c882557d69cd1db1090fb404707256c614bf7d0fe46c601238f3f99a4e2c219c.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\c882557d69cd1db1090fb404707256c614bf7d0fe46c601238f3f99a4e2c219c.exe_v2\405cbc93-8a32-4b20-bf64-ea1b78c676f3.json

Filesize
889B

MD5
6e47b2f5a183cf8cfc23e9f460640010

SHA1
c00bee67637a0128b7e9364c0e237d1939d3e97c

SHA256
46da377e5c13bf502960bc8932efbea30ce19b730df741af9045e25dd55e3be5

SHA512
5cf22502bae69630f3c9d7c47dace8f60db5bf644b336ac7d4d34fb0de72b75fb96f22cd5422163d72a743b5e741647d3373e60f32a04f94b895624e3435ac0f

Download Submit
C:\ProgramData\CyberLink\CBE\D8D760AC-ACA2-493e-9623-61E9D47DE89C\c882557d69cd1db1090fb404707256c614bf7d0fe46c601238f3f99a4e2c219c.exe_v2\UNO.ini

Filesize
7B

MD5
be9d6efbd8632e482c64618f00a701fa

SHA1
cc7c0702a34305282ba77d4eb88db1fa0bbed850

SHA256
d94fd0c7e43df0a03014a44d79653c0845adb29e6222ca47718c46af90847b84

SHA512
c59eee3a838ec35f447c28a701289f3f35ea5ec08d0c38df54482b39a2219598074d49fc162b1ef46d9e20c336221f53bc86de7163183193001b466ff36dd5c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\38ad808b-3fd4-4bb8-a4e3-2deb227feb79.json

Filesize
326B

MD5
1372995a765457e5df552bbde0f58f56

SHA1
96a30d197205fad72e329e9607931217e3ce8d28

SHA256
e1b17044833e0353f92a8741781d49aa992ee2d72ea2e7ebfacbd125febbfd14

SHA512
4df79336e408500008a01e78a79bee20764fe932ea3930a8873d6c4d3770ce6e56829de6cf204a0372de229445ecbf1a3663db90c476a8c43a83ec991d71ebbf

Download Submit