Overview

overview

8

Static

static

3

29f491ab9c...21.exe

windows7-x64

8

29f491ab9c...21.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    106s
  • max time network
    108s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    06/08/2024, 09:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    29f491ab9c89400ed88da9843eabde144c8b04b224a1c56499ca44e9a2568321.exe

  • Size

    1.8MB

  • MD5

    c35cb0ad8b36f660219a79224588ac5c

  • SHA1

    4692ec1053d1a1d7488f8c7d0f14b9bf4333b386

  • SHA256

    29f491ab9c89400ed88da9843eabde144c8b04b224a1c56499ca44e9a2568321

  • SHA512

    c833d9fe76bcf4a99db8ddcc42d84a13531e50965bcaad030374d539fa3d4c2dd6f08ebf4916e477d5d19e6d425c8db6744dc7018f11ace2faf513661cdccb70

  • SSDEEP

    24576:F3vLR2VhZBJ905EmMyPnQxhe4iLwvHYgUBoHyC/hR:F3dUZTHmLAl

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\29f491ab9c89400ed88da9843eabde144c8b04b224a1c56499ca44e9a2568321.exe
    "C:\Users\Admin\AppData\Local\Temp\29f491ab9c89400ed88da9843eabde144c8b04b224a1c56499ca44e9a2568321.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2796
    • C:\Users\Admin\AppData\Local\Temp\29f491ab9c89400ed88da9843eabde144c8b04b224a1c56499ca44e9a2568321.exe
      "C:\Users\Admin\AppData\Local\Temp\29f491ab9c89400ed88da9843eabde144c8b04b224a1c56499ca44e9a2568321.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2412
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2688
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2688 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1704

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    31d5c089d1f41debab2c57a04b760d8c

    SHA1

    93a66a50ac9a17cbe844cb9007d3314637e4def8

    SHA256

    945ab3ca276c0e16bb9cd13a274f4fa9d0ff0e40eaafe036b96eea3e19569dd2

    SHA512

    eb69b6b671b72e661093f868ea1aedc7bf7769ca1c23e205a1e2c5da38813305aae93ead39a509707f6b3349354c7065f3b65213fff753b3bd3e7f680b2c00d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee38a5f6dac5d01067d06116aef24514

    SHA1

    5397cb1b2a1c313cdb4cd62b564bcf14a7c956bf

    SHA256

    9d3268a34085382dcbbae4c36bde90c008d1dc398c76282c90240a66499ae7c7

    SHA512

    afa51cb7db7ec321217b465a9b54b2a52a1154e05fc1ef16ae5d23e2fc8ae0843e506c2bf0e0f896e2485fdd4098bd3576f525693b29805a3fdbe7a5b256b970

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    40fc7cd601e913631fa6b1ec05e6d285

    SHA1

    affafd0a7e79d79833de02e61a4623a28e89a36a

    SHA256

    2c8ba32e8a7611515700ff51dba852c4d22e1793f0da5855a57fee3a32933b01

    SHA512

    db65235610bdcce0518a3121b3d9988e35eb86372f82ccda98eba11159f88c563ed60776be28c807f16f0e4bcc1ed7d99f8b40f88b3a9488a3584339c07566be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b207e7bf5fd7319c35368dd3ca2ad2dd

    SHA1

    9543d725d920be2df7dcbb61de45453cdcfaceae

    SHA256

    f2599b66dc668762519761cbf04d4db13242bae22de9df8706ae4efca2d8560a

    SHA512

    4a7d4efaad685a87042364ee96f17a03ed1264e5cebf34c2b273a8dfcf19ae76b08633c9d5f288af417f4abf0d7dcb2ed85a9e9bf46546d4638a6cdc54563840

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d8b4935f80a40e7bcaf7f1a8e81f32de

    SHA1

    e97599e5b0955a4641dae057087120d7a15fcbeb

    SHA256

    67921029f4160744ce66144455cff7d73ed5fdb51cddea55cd8d7cc67610a720

    SHA512

    25056cc7cfc188aea9858628a5d1faece4a6cf7ba983086ebaf3ee4c97047fcde04836c639ba1da27c616c4608bb5b370d9c46fd64aac0500e3a1661ba26201e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2cb8ff38c64175138f6d8e52efb1c34e

    SHA1

    18af5f837d4fff32947a9a2a6586905f4300172c

    SHA256

    7168327db696a41dc8c03590db2baf9c00f9fc8d886565589de275c564448682

    SHA512

    ee601670163da33c72bb7f046e6fdfeda8169b5fe41068ea8cda7d91626bd45ea8f297272a4b7ecfbebd5de1f2777e6f7ebb6fcc14e1ca07eed9ae2346200dbc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    83e212042916ef6cfc1026a24ec77994

    SHA1

    ace2a34f835aa3df27c6a6b3a9dc4e98dedcfbc2

    SHA256

    70f03ff9eb0c1910057528f2900df4eff5c411eea907819a5e594182a0312fe4

    SHA512

    0660549fd29626502720f52ba2a947d7e9f9cfd70c1acca094f7f2b1207a5c944d7caa0da7ca3df2f417133b802fa483609c43591ba169d8285a27934f47a804

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    09d7bc191a6c7bb6dbe83ed423b5e778

    SHA1

    31e658543afec5a7b80e8e035c298a01d9cdbceb

    SHA256

    e4c78b5682035530d5b9909eb0442856adabc66d8cdc67206c8dc7f98cc890e4

    SHA512

    e51e9b3fa0680f6e0b777991c0722e96f92662c7f7649534fbea3d7242ae17930a2a5279dd5a63101204c94cc513d345ca8078e108c876bafc4e195716c506cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9c5595bb3a16ef1ee58f42d563542a09

    SHA1

    b77b6cdc0b12734ccd0b1c8be8c88156111a5c16

    SHA256

    cdebe7ea998aa5e9a1e7c04c2e5892c969225f7db060a5c2a08385e6bbdb89ac

    SHA512

    eb2f2702f9288eab375237773be5c0dfb80b484fbafea45eb4f2ecba7b50de822333eee9343968fc6089398f6a8ab1ca0983b56b113046f69169a8f595a90ced

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    614b6a9756de0f029cff593445462944

    SHA1

    31bcf7d3c01e5f718fbb27fc2a68fbef4f9524c7

    SHA256

    a782b9f2d248a6f7cfef4262a1ee79fc03e5ecdd0650a0859a96c670fd5ec40f

    SHA512

    ea45022061ad9e09cd056eede9851eb991483aa60ef4fefb63023dd12ed254e5fbd9da16c003a0040dc015d92264c2c1704ead4ce0670752a11240350b6fa835

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    59791102e6e8d7799959c8d56c4343d5

    SHA1

    9e3605c15044a24a8f92a768eefe5de7c9d28e9e

    SHA256

    f119e7245e307452de3f927e0d24f61e05707839e7626b48844003a4631afc56

    SHA512

    7c8215bde912195061fa6f06649b39f12c3889642c29ce728557b7a16a2b6edfd53ccb57454ba6726531546791d1660ac75815efc08e7716ef35683fc764dce8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4e377217d5025e415c3881f4c83cdc42

    SHA1

    7bb20b6cf8639f2d045b99071b9162de93c78b9b

    SHA256

    79aa9e00f9f81d265078879cb096e22e253ee290b425ce5cb9f16daade38b7a8

    SHA512

    dadadd6f3d968454ffe4a237acf95c8a00f070c43724b6d9ccaf53b70020831a5d51ac1d919aa2d40ea262d2721e735bf1b8882c7a36e2524d3df7abab95cffe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    41f89efe92c185f05d793330339942fc

    SHA1

    37216e21abda29d727a63f5807a72f26a7078cd1

    SHA256

    e78eb7ca9caf166662dde122482e227d3963cdf2bff97b28d253d0fa7010c71d

    SHA512

    42d161624ac13649a0c0964b35b24afc043e6e29b94b06d69c022cfc3b4d4ff06c6377363259ac2c2484570721399d7b6fe77e6f9c031661f1f5b0cda301dc00

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9641310f525ace76450b880993071a06

    SHA1

    2c377d219f70a71574bf87843f5d82263564e3b6

    SHA256

    f214065cb1b6309d4eaaf2746adf77e34b323318c9affc225c98867aeacfffe8

    SHA512

    9c5b304688dc44cb1b3870bc80a6941f05d76f36c12c80f14c2ff70d1b9663e436e24303c06e75e5ddabc5899fc97b75534653dfa3ce05edb427c5d4dc9e6da6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7feaa728a61a6451343fad0702e56197

    SHA1

    c5b0815b04007c41f5d4e050d896eb60f03a79ab

    SHA256

    7bb5947974fba64bbfc2a772bad32a75216e631c3957af19c4fb0bad0e5ed497

    SHA512

    a7ee652942a09ddca8a3cf8072522efd5507becf4581ce11bfa4b20d4afbb1ab84df6d513587ddb4cda55c4d55b7c212a2d4eed1e428c1ae339bdbf7270653f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    39311850188738ca01aa7ff0f804a3d1

    SHA1

    c0ccd9628e3164ec0b9cc6b1442de9c3ce686b9c

    SHA256

    6dbdd587a097ee58162fd8dc4ab044c881c47536163375294f17aa77adc765ab

    SHA512

    1e3927afe0b1363541029ee0e10e38c519e0336f3e9b6b222c08fe6dd6c07c45fd5b55c83ac32e0cf3af268862dfbfd436ec215148a93b1dc6639c7c65e2630c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    03b07fa1b144f4b2ae4f6442cb998593

    SHA1

    c72bf7411d6f6b30e295c7259c0fecebe77dd5c6

    SHA256

    cace546bdbe3765af3165f6168bfc0346f6505ab674f6e503b3c52269b51c3d4

    SHA512

    8ba0e4e6de97fe1b34e12dc336c8f3300816d7c822f59122fcbfc496682df5f898ee62d24028f743d5afcfb63ad1a6d0567d2626b70441eb26bb6851b7037a86

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fd8faea11b288fb304ade42a2a6c8e11

    SHA1

    9483eab1b93ed9be58bcdf97f4124d5d01f4e287

    SHA256

    b22efc2c0e198684fef9659bf472b28a8530483e1add69e009e5e57e10f2c0ad

    SHA512

    17dc29f076eb75f59f0dfc27ca688e1e839d1b785c4f777b34adc952513512799a7ae4e51a06803c40bd7347eff212ce285f62d8455e31ffb5935ced01ec8ae6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4A6A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4B78.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2412-7-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2412-2-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2412-5-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2412-6-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2412-8-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2796-0-0x0000000000300000-0x0000000000301000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2796-1-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download