Overview

overview

8

Static

static

3

a037363be9...f3.exe

windows7-x64

8

a037363be9...f3.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    147s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    24/08/2024, 03:56

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a037363be93b33d22f345b58e3b4eacd6b17d0ba3336c2e18f1c35d563b466f3.exe

  • Size

    2.6MB

  • MD5

    51700a8d8f3fab8ee94cfa3b553757f7

  • SHA1

    81cc71976ea3b628f596c8d5290cf9f8744cfdbe

  • SHA256

    a037363be93b33d22f345b58e3b4eacd6b17d0ba3336c2e18f1c35d563b466f3

  • SHA512

    57ec58cfa06fda08154e88a17280eda8f4984fa650e8ddf783b61bc4f72e031648c2a4411a48b83468a88cc10a075d91401d2fd280dfbf25a27e621e7ef7c156

  • SSDEEP

    49152:+A81IJPJqnEvdDqnroHO+RwNaPoQxJHO:+A81I6gcnsHjwNaBxJH

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a037363be93b33d22f345b58e3b4eacd6b17d0ba3336c2e18f1c35d563b466f3.exe
    "C:\Users\Admin\AppData\Local\Temp\a037363be93b33d22f345b58e3b4eacd6b17d0ba3336c2e18f1c35d563b466f3.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2564
    • C:\Users\Admin\AppData\Local\Temp\a037363be93b33d22f345b58e3b4eacd6b17d0ba3336c2e18f1c35d563b466f3.exe
      "C:\Users\Admin\AppData\Local\Temp\a037363be93b33d22f345b58e3b4eacd6b17d0ba3336c2e18f1c35d563b466f3.exe" Master
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3004
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2792
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2180

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          82aa905682490ce2a3eaf2e77360e21e

          SHA1

          ddb1813347e4bacf724c3d6c73345a8a6e2afcdf

          SHA256

          f71551d4c1344c0da956ce59e9f0b40b82f14e18578cbdf15cda44308bbfd82e

          SHA512

          1bead9c4dbf08e4618d27be78d3d6483742e83e397043249c2809697c31d9bfeed4e4461bf044c49eb4bd8d272c037a01a256343532e633d4dc31347f8b0b6ec

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          6551f9a6d90d87ec82d6991ef6628cbd

          SHA1

          068dd5d3164eddf780d68a9b2b926fef498b9d74

          SHA256

          36cc0ba47b3b74bbf50bef2bfd2cb182117c07bf39d89d011a11d117b06fde55

          SHA512

          dab4d0e8b6b102cde51c253765eaeeb3bb25a007e16ba397427bf6ac29b6e0b7b730e58a17a1e9b2915e554f3a7e649d58b7e628255379b8bd9a7f634b36f92c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1de82907f3a64b3380392e8fa441c076

          SHA1

          0c41259f64133c394445eb21779ea4b520f50a77

          SHA256

          df1a79e04768121cc46ab77c75b25e104b0908e80a80cae3bcfd35d329f34ecd

          SHA512

          b5092a41d349cef5e1ddc4bd3a012acea110a0b0f7d324897c850692f915016d79cbba6c4c6fc5637738d7aa0ab5b3abc41acef1240a6cab30a6f5efe7f5b9a0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a318d48f086aac1138d586ea36269dca

          SHA1

          31518239620ab38fa448245cbf29c0fdc4bd0a21

          SHA256

          d19642534be5944ff84396c4fed52074d0ffe4b0b3f28f6cfb6abe2eb95797e6

          SHA512

          8ac89834f22b920a5a0e4feaff061eaf8ab52e8993ee44631aa2ff1aaf75e79b5a632cf7022d1be9dda788976ca70d83bfc3152afbce44dce519e629e2a7e142

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          65f2f4fd0ad200965980549161924d99

          SHA1

          344e4d84438b37be38b1b7f179b465cfa65ab725

          SHA256

          9170b5ee645c414f9c2dce4d505b8021fba5feebd815502d5ed50ef02ebe1fe0

          SHA512

          cd54160b5d5f417dd12860138fb5920119f53a5c1103a580f341922eb992c38711d501729aa858ef4177ea2308df7515302f9bd80ef2d1df7904031532849c1a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ccd15d1d969dc7988e4595cb499432a4

          SHA1

          353b976641ca7bd7b2279349f3cd8bee426fbcc6

          SHA256

          8711b42f82b8b6d1b2e83484f66a50264b3817919b86b4995d21dd449425a7c9

          SHA512

          9c0eff8781b5fed89c98894670148130edea7f4e42318a69571caddc8cf6538deb59938c3d754b6cf922e21fcf44b9055421e28a3669f65a628bf8ca3e11ed04

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d621c0ed3661f7c87fa836a00aebfbdc

          SHA1

          8ab7cafe40606bc8f5258305934ba6c1c93fa400

          SHA256

          34b99868298c9bc67f41263f549b39cccda703ee10256d391cfa14ed5eb34e75

          SHA512

          8cfea452788315c60e73c37abe6c32dbe83edebd0bbf2fb7225d1d6232064dfe08ad70b50bd9a4f84c7be6dab2785b1a92ac7e3bc319e9f59f01c63abd82eca9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          aeb50f1be16ef36dd627ccb696cc90ca

          SHA1

          c9ffff64daa37ce3030eb49e51c7dcad442b8e55

          SHA256

          0cf988d15155b1103cd9304467913454bc6a4b994501d9559a2abc5a6f522a31

          SHA512

          f0b8037cdb7061d4be383cbdb09fa4cfadba5f39d597e00484bc22dc023aecb9c74faff97662e1b5878b6592829ce50ce4943c3f553ed4effecd270e3b7a3832

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          0d5acac12a64de3158a0005ee33f15b0

          SHA1

          0c337a8ad098de368ee9d7b7c5480a8c8dbbb042

          SHA256

          b7f92622fcd2697fa2771e8915abd0b4adb4a2fb062795c804424354bdfaa19e

          SHA512

          ebca430285e7351c449a1cb911e380731ec403b80b4adbb1e0ab7ed67bc70baf5b918ba383248b6ca5f35c9701ed5f12cb799937327c42c8d33633af7484528f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          31b260544d49e1f59cfc51dab84574b2

          SHA1

          500c259d48e3435439ea7f2590d0d5da40bef908

          SHA256

          4560fa01d0f747431d5496a1270b13fb8fc409795353803eef2753b6acbb91fc

          SHA512

          85a0871fce8d2260572d7aa47df57ac26005a9a6279fb299265271aa3da94e97e67343f608b76232fa6173b50c32354c601fe3ad86e4d5a5ee4f6b14c447275e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          db627ccacaf01c3e839f8bbfe93af173

          SHA1

          16472ce658daddab8a5a8ffaafe266f34bdba775

          SHA256

          15af1fe9b3327806dede2394c1f96b7fc9a3407e55cc1252879732619cb4273d

          SHA512

          82cd428f07c576de4035443281df195dec8a0c31ebc4dc34c6c2a7267e748aa5fee27fca9557d9a23d087c00db89fd2c81b17100cdb624566097475889369a25

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2cbda4748d6ca90215ef6823c9ce8e68

          SHA1

          91ec9e6478c6882682194f4460d2fc88b4b5cf45

          SHA256

          6ff1bd7e436b5c62047f141cdfff170624ce5c930c6c77c08ad096403a92e990

          SHA512

          4f7bcd3faa4ea870e550a50f982837facc1ef0da7c18e8607acf99a99b86a9cf829ba4462c62cb45d574cf42c8b04ba84af594db56381cb73e31b89f92b4658d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          039b5814d2b62128f221f3a103f61c10

          SHA1

          f61eb73bf78592d7f01990627eabc1afdfe0368a

          SHA256

          eda6989d0d32847e16a3771a4d4ce1d8929879be2aa78f1cd615a38fc1b02ead

          SHA512

          6961ee5fb1bdf81020a2b58e7ff65076e2ec2c4237d6645e35e191bb51c16769f38b132536f902b05a26d32aa9e368a75012dd0e3880dc24388082ce41f375ea

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3759a1c1068f2f00a3b29dc0a575e9be

          SHA1

          d78e34c250b01a9e9f32714c9e22f0ced8412f86

          SHA256

          296909bfddd389d5bbbe6300b2a0202743ccf8928a7e71c5a465d94e2f6deffb

          SHA512

          f3b7498420ee54790666003a0422bedd2eb059e88a82b51954f1d6f63ec0ab5cff24637be7fcfb0b4e1d3e5237fc2fbbb8137996226459c47480794a18ac8a2c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9cbfb1979572dbd94de9273e487a6fb4

          SHA1

          9bd30ae78b804f28f5d1078a85cc8e2c62510ae5

          SHA256

          5ebb2b5b02016716bcb6a2bacbe649a417b3769c30aef206c391c16e028ed538

          SHA512

          9287cd55c32460e82028bdc0de2ba799c53a9cc69b76b340aaa6fb32d535ce518e6b6587faf5526a3672a9bf86e9c3836330a2263c7081db64cedab5acc6b5a9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1a36b692ebdcf0ef1ba498c174c9b5fb

          SHA1

          38aecb05baa467b0ff6069b3823aeecc17b930ec

          SHA256

          322f6b84efc4d387c378a3f8a749eb88d2703662c686db14db8051f17e227094

          SHA512

          11395c0786fba353789c5938cf341fd41106261694a6202c2e20ebb4ff0dee999e01fc4f1fdf2afc2a6b627ba693d81a5524a0d56fac4be9d78d43898497f96f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          eb187c9c1f297bce2e5d5d4fbccbebb5

          SHA1

          9b1a558d68d2b66c9d183599f41e36c6999c94d3

          SHA256

          0ac8d42026464ea6db81255337cb225cc8f6f73073ee60ddee641c3c81ab2db3

          SHA512

          9c1c06d948c0324751217da4ce13a9d4cc75b8daf6e4f10587b5b217003d41d219d39140cd21a54f15522905290e4d55a38e3c548baca9642173221f93589a74

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e5a532def86f155e00efa27f685a5369

          SHA1

          de4b76c3ae48a496f389b06cbfd82b57c5c7471a

          SHA256

          5ea33b46aeb8e1c0cc7c87e7987cf50ef33e3769de71682a9b83c4db90322260

          SHA512

          041d450c9e0358adea6f458da254554df1c46b00abd0ce5104503f61b54468b7fe1bd1c376b78a630d3fd4985179e18f3cb007de7b97209066bad66f219cc473

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5050b124a27de4cf0eea8f4f2351f23e

          SHA1

          0be658b184812031b9af959a1b85f0a6cb7f8150

          SHA256

          69f6ca016bd79111309f2eac12b32c2bcb875723505197e600286c557df69814

          SHA512

          57907c9f5ad840a75fbf829c0e59f8a4c97af10739e3610dbaece89d04c3dce7a6def23302e97470dec46d945feac0159adabb1e1dcdba8a6df2dd11ed8c4e27

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f0a18c8affaf03a46f5592f10bfb254d

          SHA1

          d4e1bdb788131476fd5d733d33a5359dfa0758c5

          SHA256

          bf9c4df75e7b717da8247e6b9ce475523d4a2dfdb15213d04c93c54fb66d851a

          SHA512

          4a36562aa30397d12838af683b5ce6d3fc9a7f2102cbd37678274738d3705d31eb5d92a195f74b40ed432c071d04e567fb211f07a02b5539f70cf4bcb52d5ea0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9473f0eced20a39f3fcf57a99c5837f1

          SHA1

          9e8f38cfd8b5481a7116b9f0e6412c048b5edda1

          SHA256

          6c4de014a8c823b08e59ef1b1e4cba36ed097fa4a713a5ce1e596959408c286e

          SHA512

          0f4844f7cc54b36a169c6891b7f20ebaf7560f2ec98a5ad874a37c477aff21a14b3b17bc9bdf2613fd1cafc464e556aa8191cf74d0be1009b7fd3599f5822f26

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabB2AF.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarB36D.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/2564-0-0x00000000003E0000-0x00000000003E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2564-1-0x0000000000400000-0x000000000069F000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/3004-5-0x0000000000400000-0x000000000069F000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/3004-8-0x0000000000400000-0x000000000069F000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/3004-2-0x0000000000220000-0x0000000000221000-memory.dmp

          Filesize

          4KB

          Download