Overview

overview

9

Static

static

3

6a25f0b2f3...0N.exe

windows7-x64

9

6a25f0b2f3...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/08/2024, 14:01

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6a25f0b2f37675726e8b37791b27e130N.exe

  • Size

    2.6MB

  • MD5

    6a25f0b2f37675726e8b37791b27e130

  • SHA1

    68c8ef24467f3313256ceccfcd5aa4eeb82e1d92

  • SHA256

    1dcb1cd416a20da3d27a5822ababe052b465cba36e4db45fad28bd7f33bfd165

  • SHA512

    77caa441bec76e4198d02f8426bb81867e49d0326f367b6cd3564e2977a19fb1683fe9c9962d247660f08e1b367ae5d2ee7cbade0b9f513c81be817e1ac31c9d

  • SSDEEP

    49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBAB/bS:sxX7QnxrloE5dpUpnb

Score
9/10
credential_accessdiscoverypersistencespywarestealer

Malware Config

Signatures

  • Credentials from Password Stores: Credentials from Web Browsers 1 TTPs

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer
  • Drops startup file 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6a25f0b2f37675726e8b37791b27e130N.exe
    "C:\Users\Admin\AppData\Local\Temp\6a25f0b2f37675726e8b37791b27e130N.exe"
    1⤵
    • Drops startup file
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2736
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecdevdob.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecdevdob.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1096
    • C:\Adobe8G\aoptiec.exe
      C:\Adobe8G\aoptiec.exe
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1116
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4216,i,15436195446242760253,4000484513008731869,262144 --variations-seed-version --mojo-platform-channel-handle=3964 /prefetch:8
    1⤵
      PID:4820

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Adobe8G\aoptiec.exe
            Filesize

            1.8MB

            MD5

            e87f586f5b1bd6dde056c1fc738fa063

            SHA1

            e2a346f1479288a92e84df83f0b0fca3f23486c9

            SHA256

            590462ec581f3ab25fc1a26899ba227cf35d88e3ad5230c3cc22d54001d94967

            SHA512

            a4fa442ad35813a06003aea464125338052e7f359d193b18493902c41d71b88eee3a6ce2baf50502cbc02b9e876dc5cd9dc4cf5a0d98aaba1f9b11a13038e1fd

            Download Submit

          • C:\Adobe8G\aoptiec.exe
            Filesize

            2.6MB

            MD5

            e3048be59aab2cf68232f67085916a63

            SHA1

            ee1a8a594339ae4cd781326e0b746168a3d6a7fc

            SHA256

            bb7d53a88b0e8b8381554930644b7068375333d5bf7ca2246c7af22c0fd5abaa

            SHA512

            0bf0c0a9812d5f2714f094f8f9b3726c4eac4b419d7fb59cc24dd0b1315df12753ee6aec410e76a971cf81ff6d002917a21cad29f6d877c0da41133931e58668

            Download Submit

          • C:\Mint9P\optidevloc.exe
            Filesize

            2.6MB

            MD5

            77970219941e5e11a1139817900f67ba

            SHA1

            2a0692c8173d7857d3f6aab456e88acca5a37721

            SHA256

            9f2d57099cdd6ab9ac9e5e98c127e3be88a76cc31daf6a140df1cf72157c81f8

            SHA512

            5ee446aef1c4fd3f52ffe20b99891e1de30dd8325d01fe87eb0ee7ed30b5b8a2708c98ae6b80f847e36eb3795915096f3c15c41634d7556eca5466f73d834822

            Download Submit

          • C:\Mint9P\optidevloc.exe
            Filesize

            376KB

            MD5

            8054a34f94da7219275c2e848fb63fb6

            SHA1

            f3fee151c93a0a5efd8eb0c372a209722793e024

            SHA256

            df26d8145eb1e87a3e997ea3a55df5b2650d6bb93298687eaff14c10dc864aae

            SHA512

            8d20fd1803e38575b2cff943b9bc729e16eb93fd505e91a5031fed5a8b158f76e5148d894efa0eb3d15f941b355e8691aff3ebc6a697a95243cecc11cdb1acf9

            Download Submit

          • C:\Users\Admin\253086396416_10.0_Admin.ini
            Filesize

            204B

            MD5

            62eda70d1ce04a4896a4a06ca1dd3cc2

            SHA1

            7ec37222dfda6cfa0ec0a7d2db90c14a83a7d571

            SHA256

            fde54618c211a2cf05091a08b7fc583826bbaaa193c8e87e2edf155d716c4fd0

            SHA512

            611e5d9d3b31c540f5256fac213cb1811156a947d39130be9ce9726e5219ed3bc8d25b13f802faf02844dd9efdf9bc0a9a585f2e1890052a69fecfa2cda1ef26

            Download Submit

          • C:\Users\Admin\253086396416_10.0_Admin.ini
            Filesize

            172B

            MD5

            d95110751614df9fea61f9b015ddbe18

            SHA1

            420a08cd1a61447a58155535e780270d12e4f1cf

            SHA256

            9a4c0a78329f8d31a99a6af8cac9aa9b88dcb08ac806ee5d4a96c9d72463f21a

            SHA512

            6e71181b24198eaa3e68e9dcce7e6cede2241277f53490fa8bb60ad3dab09661b0dfa95e0fba176d3ea4dcc605d7458a78b387e23c7fb902d821b7e9e906b10b

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ecdevdob.exe
            Filesize

            2.6MB

            MD5

            6184b94671316527cd43a23c528a11ec

            SHA1

            086650f108638b914b6081c42d6e74dacbb0ab8e

            SHA256

            c671c4e4fbc4cf9eca9a08659d0b3214c06c69fc777acb652c7a793a607c091c

            SHA512

            3daa9999599f7d64e9986fd20e7010e5123d9c47d3865e4059183eb647e42bc961bc28957807ff09ea85d0eaa28e7eaa903655fbd9afc1c48d7112c68ccb8352

            Download Submit