Analysis

  • max time kernel
    120s
  • max time network
    110s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240709-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    25-07-2024 09:35

General

  • Target

    b424240f82869409f8c3328cc3589740N.exe

  • Size

    2.6MB

  • MD5

    b424240f82869409f8c3328cc3589740

  • SHA1

    0b17cdecfb95ebc011a9e7d7becae40dfda74db9

  • SHA256

    e436b21d5745194129061bd98c96c1ad9b85cb40e30d7d195944acea45e22f07

  • SHA512

    c1fcac5db946f34d7e932d73afd06f08aab84e8b99ad85f3d0e39c55cb4fd9391b4dd0a050fa18dc7a6394714fc4a4f3cc5e90418e495c5eb879d2eb04519959

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBwB/bS:sxX7QnxrloE5dpUp7b

Malware Config

Signatures

  • Credentials from Password Stores: Credentials from Web Browsers 1 TTPs

    Malicious access to, or copying of, a web browser credential store.

  • Drops startup file 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b424240f82869409f8c3328cc3589740N.exe
    "C:\Users\Admin\AppData\Local\Temp\b424240f82869409f8c3328cc3589740N.exe"
    1⤵
    • Drops startup file
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:8
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecxopti.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecxopti.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2952
    • C:\SysDrvRA\abodsys.exe
      C:\SysDrvRA\abodsys.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:3348
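
The process tree above is the classic dropper chain: the parent writes executables into the per-user Startup folder and a new directory under the system drive, adds a Run key, then launches its own drops as children. The following is an added detection example, not output of the sandbox or code from the sample. It correlates constructed Sysmon-style events (event ID 1 ProcessCreate, 11 FileCreate, 13 RegistryValueSet) modelled on the tree and paths in this report; the Run value name, user SID, parent PID of the original process and the benign notepad.exe noise are assumptions made for the example.

```python
"""
Correlate Sysmon-style endpoint events to flag the chain seen in the report:
a process drops an executable into the Startup folder, adds a Run-key value,
and then executes its own drop. All events are constructed for this example.
"""
from collections import defaultdict

STARTUP_MARKER = "\\microsoft\\windows\\start menu\\programs\\startup\\"
RUN_KEY_MARKER = "\\software\\microsoft\\windows\\currentversion\\run\\"
EXEC_EXTENSIONS = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".lnk")

# Constructed events mirroring the report's process tree and dropped-file paths.
# Sysmon IDs: 1 = ProcessCreate, 11 = FileCreate, 13 = RegistryValueSet.
SAMPLE_EVENTS = [
    {"id": 1, "pid": 8, "ppid": 1234,  # parent PID assumed (not in the report)
     "image": r"C:\Users\Admin\AppData\Local\Temp\b424240f82869409f8c3328cc3589740N.exe"},
    {"id": 11, "pid": 8, "target": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecxopti.exe"},
    {"id": 11, "pid": 8, "target": r"C:\SysDrvRA\abodsys.exe"},
    {"id": 11, "pid": 8, "target": r"C:\MintZQ\dobxec.exe"},
    # Value name and SID are assumptions; the report only says a Run key was added.
    {"id": 13, "pid": 8,
     "target": r"HKU\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run\ecxopti",
     "details": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecxopti.exe"},
    {"id": 1, "pid": 2952, "ppid": 8,
     "image": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecxopti.exe"},
    {"id": 1, "pid": 3348, "ppid": 8, "image": r"C:\SysDrvRA\abodsys.exe"},
    # Benign noise: an editor saving a document must not trigger any rule.
    {"id": 1, "pid": 4000, "ppid": 1234, "image": r"C:\Windows\System32\notepad.exe"},
    {"id": 11, "pid": 4000, "target": r"C:\Users\Admin\Documents\notes.txt"},
]


def _norm(path):
    """Windows paths are case-insensitive; compare everything lower-cased."""
    return path.lower()


def correlate(events):
    """Return findings as (pid, rule, evidence) tuples in event order."""
    written_by = defaultdict(set)  # pid -> normalised paths that process created
    findings = []
    for ev in events:
        if ev["id"] == 11:
            target = _norm(ev["target"])
            written_by[ev["pid"]].add(target)
            if STARTUP_MARKER in target and target.endswith(EXEC_EXTENSIONS):
                findings.append((ev["pid"], "startup_folder_drop", ev["target"]))
        elif ev["id"] == 13:
            target = _norm(ev["target"])
            details = _norm(ev.get("details", ""))
            if RUN_KEY_MARKER in target and details.endswith(EXEC_EXTENSIONS):
                findings.append((ev["pid"], "run_key_persistence", ev["target"]))
                # Strongest signal: the Run value points at a file this same process wrote.
                if details in written_by[ev["pid"]]:
                    findings.append((ev["pid"], "run_key_points_at_own_drop", ev["details"]))
        elif ev["id"] == 1:
            image = _norm(ev["image"])
            ppid = ev.get("ppid")
            if ppid is not None and image in written_by[ppid]:
                findings.append((ppid, "executes_own_drop", f"pid {ev['pid']} <- {ev['image']}"))
    return findings


def score(findings):
    """Map pid -> sorted list of distinct rules that fired on it."""
    by_pid = defaultdict(set)
    for pid, rule, _ in findings:
        by_pid[pid].add(rule)
    return {pid: sorted(rules) for pid, rules in by_pid.items()}


def suspicious_pids(findings, threshold=2):
    """A process with two or more distinct rules matches the dropper pattern."""
    return sorted(pid for pid, rules in score(findings).items() if len(rules) >= threshold)


if __name__ == "__main__":
    hits = correlate(SAMPLE_EVENTS)
    for hit in hits:
        print(hit)
    print("suspicious:", suspicious_pids(hits))
```

Each rule on its own is noisy (installers legitimately write Startup entries and Run values); the value is in requiring the same PID to write the file, register it and then launch it, which is exactly what PIDs 8, 2952 and 3348 show above.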

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\MintZQ\dobxec.exe

    Filesize

    2.6MB

    MD5

    5876be87810e9b5468d8be1be014559a

    SHA1

    e3ce22e185de497751b4c4f5bb3be12663ac2a2c

    SHA256

    3c35a12639a23a718c7ba15d8884a9b0196e16764cd8c8723eb1d60a99363176

    SHA512

    f15f3b342f84ca0bcf1a0db9d55845de70968e6763573e45968a6d95605d10b88fac6cc15cfe9cd3994c8af5a6fe7bd6d17de3944789312ac995cfc3c51a6d7f

  • C:\MintZQ\dobxec.exe

    Filesize

    2.6MB

    MD5

    bdf2652b874c62ab241d07b2e5a95b36

    SHA1

    78ffa89d7571b0740efa6397c27dd365acaa988b

    SHA256

    11e197982f3ef72c661dc861097173eadf837f04844e4b810bc737f2e04a1b40

    SHA512

    25c706e52910bd1a7897411bc4c7fc2f7c3b056c53d60cfee09481d19f7e0e1f0940c0c21acacb3920bebb17e0264c052b3474e6ea6be7c5f641e29a37850dc4

  • C:\SysDrvRA\abodsys.exe

    Filesize

    2.6MB

    MD5

    eba3982616f1d4e6fb5099f4415ce47e

    SHA1

    9253306eeff9c5e1089d08be49fe78e93ab97039

    SHA256

    07de9f06e86cc2c3cc92077e4dae378f459262144ac4b942956d57299742def7

    SHA512

    20931aba094b60248d3d5fe858199e62739e06f550e3067693a85db51bcc84247cdbe1a1c42ce7384fe3f8701374c083e27ab9ec19c149364e75352b8ff5d68d

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    200B

    MD5

    bb96666a1ca37c9d551a08b9ed90ed3f

    SHA1

    4d8bf4cf5a817009f84635f18041d357908872ad

    SHA256

    c3b37a9893f27d4074c93c7fcb61432086645b9af03766c29ec4b6aeba1cf79a

    SHA512

    9a049fc54d097ce1f125ce984704a9f87a28c0a897f9ed6d3df92e228edee5a976edcebaba3ed035c67a1d48420b6aad7821837b2ba8c13e0a573f67850329e2

  • C:\Users\Admin\253086396416_10.0_Admin.ini

    Filesize

    168B

    MD5

    41a87d236ff9a1f66f0499f631a3e5dc

    SHA1

    4cefac9b84fac0c9cfcc28adccc669cb2fe11cd9

    SHA256

    75bf3ccba288908a780b959b4ce6dd0d32f1a8a7f550573da0b21f9f9f7b7310

    SHA512

    7fc397fcbf4d60fc6979b1b9d185d7a7a96b780bb73d0938d9e3a87d49b736dbe05abca3fbfd32d31880bc13fb3359e62c1d23af4a6be1897ce62a8a11ef1d4e

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecxopti.exe

    Filesize

    2.6MB

    MD5

    b657f686e78ba443ee9050b03b91a596

    SHA1

    2e19003a6257c5cc746a52b7d0e691e747e6cd47

    SHA256

    91ca1e62d26f096e867f116391244214b042e326de9ec2060597120759f0493a

    SHA512

    371aba995afa61839e8130221ed557ab8e89458ca26735269f0fe28d9769cfdedb8e82c6ef85fa5951b748a0a414fee54a775a3f3042a201dae01c124d2e15ed
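
Every dropped copy listed above is 2.6MB like the parent but carries a different hash, and C:\MintZQ\dobxec.exe appears twice with two distinct digests, so blocking on the parent's hashes will not catch the drops; the locations are the durable indicator. The sweep below is an added example, not part of the report: the glob patterns and SHA-256 values are taken from the Downloads section, the directory tree it scans is a constructed stand-in for a host with made-up file contents, and treating the numeric prefix and "Admin" in the .ini name as host-specific (with "10.0" as the OS version) is an assumption. On a real host, call sweep("C:\\").

```python
"""
Sweep a drive root for the drop locations listed under Downloads, hash what is found,
and say whether the digest is one the sandbox recorded. Constructed example.
"""
import hashlib
import tempfile
from pathlib import Path

# (glob pattern relative to the drive root, SHA-256 values the sandbox recorded for it)
REPORT_DROPS = [
    ("MintZQ/dobxec.exe", {
        "3c35a12639a23a718c7ba15d8884a9b0196e16764cd8c8723eb1d60a99363176",
        "11e197982f3ef72c661dc861097173eadf837f04844e4b810bc737f2e04a1b40"}),
    ("SysDrvRA/abodsys.exe", {
        "07de9f06e86cc2c3cc92077e4dae378f459262144ac4b942956d57299742def7"}),
    ("Users/*/AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/ecxopti.exe", {
        "91ca1e62d26f096e867f116391244214b042e326de9ec2060597120759f0493a"}),
    # Assumption: "253086396416" and "Admin" are host-specific, "10.0" is the OS version.
    ("Users/*/*_10.0_*.ini", {
        "c3b37a9893f27d4074c93c7fcb61432086645b9af03766c29ec4b6aeba1cf79a",
        "75bf3ccba288908a780b959b4ce6dd0d32f1a8a7f550573da0b21f9f9f7b7310"}),
]


def sha256_file(path, chunk=1 << 20):
    """Stream the file so multi-megabyte drops are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root, drops=REPORT_DROPS):
    """Return {relative path: verdict} for every matching file under root.

    'known_hash' means the digest is one the sandbox saw; 'path_match_unknown_hash'
    means the location matches but the bytes differ. Because each copy in the report
    has its own digest, a path match with an unknown hash is still a hit.
    """
    root = Path(root)
    results = {}
    for pattern, hashes in drops:
        for found in root.glob(pattern):
            if not found.is_file():
                continue
            verdict = "known_hash" if sha256_file(found) in hashes else "path_match_unknown_hash"
            results[found.relative_to(root).as_posix()] = verdict
    return results


def build_demo_root():
    """Constructed host image; the real drop contents are not on this page."""
    root = Path(tempfile.mkdtemp(prefix="ioc_sweep_"))
    for rel in ("SysDrvRA/abodsys.exe",
                "Users/Admin/253086396416_10.0_Admin.ini",
                "Users/Bob/987654321_10.0_Bob.ini",   # same naming scheme, another user
                "Users/Admin/Documents/notes.txt"):   # benign, must not be reported
        p = root.joinpath(*rel.split("/"))
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"constructed placeholder for " + rel.encode())
    return root


if __name__ == "__main__":
    for rel, verdict in sorted(sweep(build_demo_root()).items()):
        print(f"{verdict:26} {rel}")
```

Path matching is case-sensitive on a POSIX filesystem and case-insensitive on NTFS, so the same patterns behave slightly differently between the demo tree and a live Windows host; the hash sets are only useful for confirming an exact sandbox-seen copy.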