Overview

overview

9

Static

static

5

9b8a53cada...9b.exe

windows7-x64

5

9b8a53cada...9b.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    147s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/08/2024, 13:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    9b8a53cada45aaa02c1a0917fcaaccf94239941161989602fa6c2ed81b4f539b.exe

  • Size

    1.2MB

  • MD5

    dfd90e6a25d9c49cec178caa36e5002e

  • SHA1

    c04ede1be313be83c449a349cb1da61b43fe4b71

  • SHA256

    9b8a53cada45aaa02c1a0917fcaaccf94239941161989602fa6c2ed81b4f539b

  • SHA512

    a8ffc320e3a7e864cf75d88f5ec0c3cc0e02bc244afc620dd5779a5c408c595eb1604b9b20c3f215181e580fc351a9e5c80f8d1b8a3111f80c3c714af26ba4ba

  • SSDEEP

    24576:zqDEvCTbMWu7rQYlBQcBiT6rprG8aA5QGfP5Fmf4nzUZrbZ8n:zTvC/MTQYxsWR7aASYmfcA/

Score
9/10
credential_accessdiscoverystealer

Malware Config

Signatures

  • Credentials from Password Stores: Credentials from Web Browsers 1 TTPs

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer
  • Suspicious use of SetThreadContext 5 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 54 IoCs
  • Suspicious behavior: MapViewOfSection 7 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious use of UnmapMainImage
    PID:3476
    • C:\Users\Admin\AppData\Local\Temp\9b8a53cada45aaa02c1a0917fcaaccf94239941161989602fa6c2ed81b4f539b.exe
      "C:\Users\Admin\AppData\Local\Temp\9b8a53cada45aaa02c1a0917fcaaccf94239941161989602fa6c2ed81b4f539b.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2512
      • C:\Windows\SysWOW64\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\9b8a53cada45aaa02c1a0917fcaaccf94239941161989602fa6c2ed81b4f539b.exe"
        3⤵
        • Suspicious use of SetThreadContext
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of WriteProcessMemory
        PID:4852
        • C:\Windows\SysWOW64\clip.exe
          "C:\Windows\SysWOW64\clip.exe"
          4⤵
          • Suspicious use of SetThreadContext
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: MapViewOfSection
          • Suspicious use of WriteProcessMemory
          PID:5104
          • C:\Program Files\Mozilla Firefox\Firefox.exe
            "C:\Program Files\Mozilla Firefox\Firefox.exe"
            5⤵
              PID:4320

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\aut5C1A.tmp
            Filesize

            264KB

            MD5

            30fbdd77d9b332ff9025d85c94abb7e1

            SHA1

            e891860b37e1adf3484a319d6d438f33c856ffa8

            SHA256

            8e7235e2c57214df8ecc8d845c8fe53173f8a116b530e17917085505cbf763df

            SHA512

            6add05d5c8c7b0b35d45e6c27abf537b40d89d6071644c76b511359517a6bc2c229ae684c3af01326651e644592ad6662f8bf9658899468d680ec402971a6657

            Download Submit

          • memory/2512-13-0x0000000000AE0000-0x0000000000AE4000-memory.dmp

            Filesize

            16KB

            Download

          • memory/3476-31-0x0000000002CF0000-0x0000000002DD1000-memory.dmp

            Filesize

            900KB

            Download

          • memory/3476-32-0x0000000002CF0000-0x0000000002DD1000-memory.dmp

            Filesize

            900KB

            Download

          • memory/3476-40-0x0000000002CF0000-0x0000000002DD1000-memory.dmp

            Filesize

            900KB

            Download

          • memory/3476-21-0x000000000D6B0000-0x000000000FA04000-memory.dmp

            Filesize

            35.3MB

            Download

          • memory/4320-39-0x00000230FB640000-0x00000230FB718000-memory.dmp

            Filesize

            864KB

            Download

          • memory/4852-20-0x00000000017A0000-0x00000000017C5000-memory.dmp

            Filesize

            148KB

            Download

          • memory/4852-19-0x0000000000400000-0x0000000000442000-memory.dmp

            Filesize

            264KB

            Download

          • memory/4852-18-0x0000000000400000-0x0000000000442000-memory.dmp

            Filesize

            264KB

            Download

          • memory/4852-17-0x0000000000400000-0x0000000000442000-memory.dmp

            Filesize

            264KB

            Download

          • memory/4852-16-0x0000000001900000-0x0000000001C4A000-memory.dmp

            Filesize

            3.3MB

            Download

          • memory/4852-25-0x00000000017A0000-0x00000000017C5000-memory.dmp

            Filesize

            148KB

            Download

          • memory/4852-24-0x0000000000400000-0x0000000000442000-memory.dmp

            Filesize

            264KB

            Download

          • memory/4852-15-0x0000000000400000-0x0000000000442000-memory.dmp

            Filesize

            264KB

            Download

          • memory/4852-14-0x0000000000400000-0x0000000000442000-memory.dmp

            Filesize

            264KB

            Download

          • memory/5104-22-0x0000000000FC0000-0x0000000000FFF000-memory.dmp

            Filesize

            252KB

            Download

          • memory/5104-29-0x0000000000FC0000-0x0000000000FFF000-memory.dmp

            Filesize

            252KB

            Download

          • memory/5104-30-0x0000000002F40000-0x0000000002FE4000-memory.dmp

            Filesize

            656KB

            Download

          • memory/5104-28-0x0000000002F40000-0x0000000002FE4000-memory.dmp

            Filesize

            656KB

            Download

          • memory/5104-27-0x0000000000FC0000-0x0000000000FFF000-memory.dmp

            Filesize

            252KB

            Download

          • memory/5104-26-0x00000000031B0000-0x00000000034FA000-memory.dmp

            Filesize

            3.3MB

            Download

          • memory/5104-23-0x0000000000FC0000-0x0000000000FFF000-memory.dmp

            Filesize

            252KB

            Download