Overview

overview

7

Static

static

7

39b47d7bcd...0N.exe

windows7-x64

7

39b47d7bcd...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    120s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    26-07-2024 00:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    39b47d7bcdea64d5bed1be6673b56d40N.exe

  • Size

    586KB

  • MD5

    39b47d7bcdea64d5bed1be6673b56d40

  • SHA1

    39f2c24f053b22e295ae47ea4aa498e9f04949eb

  • SHA256

    1da459e466aaa031cd45f94cf4fb5865975b5dd482cfe7c6598d785c2b068289

  • SHA512

    4b459c8fbf4941ca01e1cc731f6c4469ec1950538148cf9474edb634261ea3a89213980e82ed61d2f65bcb8ef9fffc60c01624603895b7fdba3dcc57dddbff33

  • SSDEEP

    3072:vog5Cck/aZhuDX4dCZFttttttxxFXXW6en:vGckyhCXbFttttttxxFXXFe

Score
7/10
discoverypersistencespywarestealerupx

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 12 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1212
      • C:\Users\Admin\AppData\Local\Temp\39b47d7bcdea64d5bed1be6673b56d40N.exe
        "C:\Users\Admin\AppData\Local\Temp\39b47d7bcdea64d5bed1be6673b56d40N.exe"
        2⤵
        • Adds Run key to start application
        • Enumerates connected drives
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2368
        • C:\Users\Admin\AppData\Local\Temp\39b47d7bcdea64d5bed1be6673b56d40N.exe
          "C:\Users\Admin\AppData\Local\Temp\39b47d7bcdea64d5bed1be6673b56d40N.exe"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2508

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\readme.eml
      Filesize

      14KB

      MD5

      21fa8d2831a40be403abc9813534cd81

      SHA1

      195070010ad5bb7720e5ff9d47072cc2b4c0fc35

      SHA256

      94a274db4d159ee9209481774f77ca503da3bccb375ca7061448b42e772126e1

      SHA512

      6ee24dbf6a639b06377a4f66ad3ffaa5ac60f8ebe76d205174df986485fa42df2a08d7b19916fde76d65533917f9b4892288ee385a6f315012c023f854719892

      Download Submit

    • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html
      Filesize

      12KB

      MD5

      8156706568e77846b7bfbcc091c6ffeb

      SHA1

      792aa0db64f517520ee8f745bee71152532fe4d2

      SHA256

      5e19cfbd6690649d3349e585472385186d99f56a94dc32d9073b83011cea85f8

      SHA512

      8760f26069296f0fe09532f1244d93a57db4cafa8d06aaa9dc981bcaed4bde05366ef21e6f0c1aadad4478382b59a4e43d26c04185cf2ed965901321d05604b8

      Download Submit

    • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html
      Filesize

      8KB

      MD5

      7757fe48a0974cb625e89012c92cc995

      SHA1

      e4684021f14053c3f9526070dc687ff125251162

      SHA256

      c0a8aa811a50c9b592c8f7987c016e178c732d7ebfd11aa985a8f0480539fa03

      SHA512

      b3d4838b59f525078542e7ebbf77300d6f94e13b0bff1c9a2c5b44a66b89310a2593815703f9571565c18b0cdeb84e9e48432208aaa25dff9d2223722902d526

      Download Submit

    • C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe
      Filesize

      451KB

      MD5

      1beeb2b1909671abf8a8d588a4a3c923

      SHA1

      b4d0729b838fb729f1bb530cf2e2d7005b8b3302

      SHA256

      89236004930ba2cd907640f3436fe43f35ba342039a7c69d1e3335d9b5703dcb

      SHA512

      3ebd71e40ce1539f5bc3b61f75caee3cbec86888696d0e1b2e011f6f82d473841623d3e7b7ca858580418838c281de9e385ab63fa8144c317bb32eff44ac46f9

      Download Submit

    • C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\VC_redist.x86.exe
      Filesize

      640KB

      MD5

      e29d576a64c7aabdcafa8f88e8458049

      SHA1

      0934b35f5f968a9556f6b51d3b5e3f925ffd0555

      SHA256

      287bdd1b59e00baa20a1e2ec8c43ba380dbe8a9fd1f112e987e5adb7c358c967

      SHA512

      4adbd494101afa3b7713be0e18ee5faa2bccbda20cfa9c3ca4d3927c869d3df1052cd976daa62624671cf19ab22a98411ba737817ad430805961717398d4fc88

      Download Submit

    • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\VC_redist.x64.exe
      Filesize

      640KB

      MD5

      164d7c33d7e6b1ab1a5fa2b2929a3957

      SHA1

      5b04ad86a9be3c0b256d6b1859a428f26c5bc657

      SHA256

      3746eec003f27986b16558ebfa51502582102be199b1e4b2440c81f7837e014e

      SHA512

      6b9a344431ed41d4d50d431bae6a325aa86f5af4a250c4e3dff3427c5b0388b1ffc204a4c8eb05b20fdd740ca247be49bf0f728641af5cb4d68bb76277882329

      Download Submit

    • C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\vcredist_x86.exe
      Filesize

      461KB

      MD5

      3de93941130661338f816b958d4b645c

      SHA1

      64a2de85dd67995dce1ea88a88ab6ea652dd86aa

      SHA256

      c9ec4e8407f18e4d958f190eaac225b9f968d323aa0132e39efd8ec587b62b46

      SHA512

      a45680d40af837a6407f069e7a744c21e47897eab0ed687e1c0b22d03d4f3c06ffaeecb9bb620c24e9415b367f3a528833c3f479012d000d0a07eb615e93bb5b

      Download Submit

    • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
      Filesize

      451KB

      MD5

      69ea8aaf03a579bc61bb14d46eab6ba3

      SHA1

      0bc51a8166b34bc5f1dd6dc363bb51c3c3f3aae4

      SHA256

      8cadb17004b2de6a2ea4e7f02a96b80b08a1e221872432f8b6e26e6911afae54

      SHA512

      9aa09108ddc6285ae3886a99e1ece9dcdc1085df89a0b5563b4b882bef053035fea97e4935fa100d6fd56f177480115a925b8c287e847c88d32955ab5b25e425

      Download Submit

    • C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\vcredist_x64.exe
      Filesize

      461KB

      MD5

      bef979e92ae8138748de8d5cd5d96422

      SHA1

      e5831d65f95995ad4aaa15b01d0a6454348186c8

      SHA256

      8458b7b9e5ea900238af4a83ccac1143be607c52d04a7e191ffef7ea3c2fa3c7

      SHA512

      4c64b1dfcd1cf4bd85b4b26fba6d417fb00df8f643cae73eaa40f705e4ccc207a2052e38b11c2e56158a71522180534735e2ad8b02f951be33e438ef212f1531

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\ose00000.exe
      Filesize

      152KB

      MD5

      914754c4c714900e59170285f05ca71a

      SHA1

      d477ecf398d7bda0c1de255a3baacf92cddfd347

      SHA256

      4908f03c45f99701966be009383ed4c3268e1ad2cf6b62edb7edcd59a61cb6a0

      SHA512

      a2ae3cf4f9010111dbdf5ed04f80f5fca0eef0b714761bf960ac6d04219e8ef571e799e4d148eb842238ef7b271f3cac5bbb5292255ae2540680c32f08e51817

      Download Submit

    • C:\Windows\SysWOW64\runouce.exe
      Filesize

      10KB

      MD5

      70cf3cd31050cdfc79109619b281c273

      SHA1

      2f229b5aa528809332f2a96edd6abdddf069ef29

      SHA256

      858944bfb3b2b25c07c0cec063d962281853d4af272cc9ae3f721a8bd287700f

      SHA512

      757fa81ad44def04514ae00c621e9e296de385da41028e3fcade28e6e31ce585f43fe17ad241ad8aa2cdd18af8edff00da1d482e947e76a8f23e7101acf780a2

      Download Submit

    • C:\vcredist2010_x86.log.html
      Filesize

      81KB

      MD5

      f1efd834ea0e04572dce9148fb93f9f4

      SHA1

      387dfc78ed6a2f5c19babbcace5891024eb2a733

      SHA256

      74c2908d0b59aa5a1499b2d27e6df3de8d634fd993a539794af29807fabc20d0

      SHA512

      8fb5e9cbd81e8547566ff455e460cd83cb60729c9e4426617fbb7f4e9fe2edcf5a78e4b8ff910fc0d4b3751e416f5fd1f34634b0d5140966fe2b52b37525cdc6

      Download Submit

    • memory/1212-4-0x0000000002DF0000-0x0000000002DF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1212-5-0x0000000002DF0000-0x0000000002DF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2368-0-0x0000000000400000-0x00000000004BA000-memory.dmp

      Filesize

      744KB

      Download

    • memory/2368-962-0x0000000000400000-0x00000000004BA000-memory.dmp

      Filesize

      744KB

      Download

    • memory/2368-853-0x0000000000400000-0x00000000004BA000-memory.dmp

      Filesize

      744KB

      Download

    • memory/2368-1-0x00000000004C0000-0x000000000057A000-memory.dmp

      Filesize

      744KB

      Download

    • memory/2368-626-0x0000000000400000-0x00000000004BA000-memory.dmp

      Filesize

      744KB

      Download

    • memory/2368-475-0x0000000000400000-0x00000000004BA000-memory.dmp

      Filesize

      744KB

      Download

    • memory/2368-1027-0x0000000000400000-0x00000000004BA000-memory.dmp

      Filesize

      744KB

      Download

    • memory/2368-1028-0x0000000000400000-0x00000000004BA000-memory.dmp

      Filesize

      744KB

      Download

    • memory/2368-1031-0x0000000000400000-0x00000000004BA000-memory.dmp

      Filesize

      744KB

      Download

    • memory/2368-1037-0x0000000000400000-0x00000000004BA000-memory.dmp

      Filesize

      744KB

      Download

    • memory/2368-1064-0x0000000000400000-0x00000000004BA000-memory.dmp

      Filesize

      744KB

      Download

    • memory/2508-2-0x0000000000400000-0x00000000004BA000-memory.dmp

      Filesize

      744KB

      Download

    • memory/2508-432-0x0000000000400000-0x00000000004BA000-memory.dmp

      Filesize

      744KB

      Download