Overview

overview

9

Static

static

5

4399aa607b...52.exe

windows7-x64

5

4399aa607b...52.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-09-2024 12:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4399aa607bbc0faabced85f15b59b4d01a50d79da07f8d6bc825e358ad417e52.exe

  • Size

    1.2MB

  • MD5

    562cb5dcba0e691bf01ab2c020c0837e

  • SHA1

    3ca5eb915edcce7da20a7b6046055cb11333647e

  • SHA256

    4399aa607bbc0faabced85f15b59b4d01a50d79da07f8d6bc825e358ad417e52

  • SHA512

    130e921e7bd869c6367a4fe664a5fe9df6432ff5ca3519d9fe4d378b52f4675b89ec9312a02ea8246868326d9c0c65703a45e289478afc7f26ce1ce6310077a9

  • SSDEEP

    24576:oqDEvCTbMWu7rQYlBQcBiT6rprG8awSX4F1d5Y/j20uMjwr4b:oTvC/MTQYxsWR7aw6yYpw4

Score
9/10
credential_accessdiscoverystealer

Malware Config

Signatures

  • Credentials from Password Stores: Credentials from Web Browsers 1 TTPs

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer
  • Suspicious use of SetThreadContext 5 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 60 IoCs
  • Suspicious behavior: MapViewOfSection 8 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:3460
    • C:\Users\Admin\AppData\Local\Temp\4399aa607bbc0faabced85f15b59b4d01a50d79da07f8d6bc825e358ad417e52.exe
      "C:\Users\Admin\AppData\Local\Temp\4399aa607bbc0faabced85f15b59b4d01a50d79da07f8d6bc825e358ad417e52.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3748
      • C:\Windows\SysWOW64\svchost.exe
        "C:\Users\Admin\AppData\Local\Temp\4399aa607bbc0faabced85f15b59b4d01a50d79da07f8d6bc825e358ad417e52.exe"
        3⤵
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        PID:3752
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 724
        3⤵
        • Program crash
        PID:1228
    • C:\Windows\SysWOW64\msiexec.exe
      "C:\Windows\SysWOW64\msiexec.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of WriteProcessMemory
      PID:1536
      • C:\Program Files\Mozilla Firefox\Firefox.exe
        "C:\Program Files\Mozilla Firefox\Firefox.exe"
        3⤵
          PID:952
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3748 -ip 3748
      1⤵
        PID:4924

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\autC208.tmp
        Filesize

        266KB

        MD5

        a1fb5c2c967aa8558c7d23183f7afd9c

        SHA1

        46a77e92eade977bbf0ec71afb2bc2a413e2af3b

        SHA256

        acc62b73f9afc1ffa76dfd1823bb3b6e2257ef8058cf8e7daf733fd584ed9ef2

        SHA512

        04e2a1888d8751774ecaf2d0a55bc92acac79e0212771355d8da9c7d6644a72a574d1686cc065900d04c08edc22b29560fcfac7d2f9b5698544b65b3424b03ec

        Download Submit

      • memory/952-40-0x000002644A9E0000-0x000002644AABE000-memory.dmp

        Filesize

        888KB

        Download

      • memory/1536-21-0x00000000009B0000-0x00000000009EF000-memory.dmp

        Filesize

        252KB

        Download

      • memory/1536-30-0x00000000029D0000-0x0000000002A6F000-memory.dmp

        Filesize

        636KB

        Download

      • memory/1536-29-0x00000000009B0000-0x00000000009EF000-memory.dmp

        Filesize

        252KB

        Download

      • memory/1536-28-0x00000000029D0000-0x0000000002A6F000-memory.dmp

        Filesize

        636KB

        Download

      • memory/1536-26-0x00000000009B0000-0x00000000009EF000-memory.dmp

        Filesize

        252KB

        Download

      • memory/1536-25-0x0000000002AC0000-0x0000000002E0A000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/1536-22-0x00000000009B0000-0x00000000009EF000-memory.dmp

        Filesize

        252KB

        Download

      • memory/3460-27-0x000000000DA30000-0x000000000F8D4000-memory.dmp

        Filesize

        30.6MB

        Download

      • memory/3460-31-0x0000000008C40000-0x0000000008D26000-memory.dmp

        Filesize

        920KB

        Download

      • memory/3460-39-0x0000000008C40000-0x0000000008D26000-memory.dmp

        Filesize

        920KB

        Download

      • memory/3460-20-0x000000000DA30000-0x000000000F8D4000-memory.dmp

        Filesize

        30.6MB

        Download

      • memory/3460-32-0x0000000008C40000-0x0000000008D26000-memory.dmp

        Filesize

        920KB

        Download

      • memory/3748-13-0x00000000013B0000-0x00000000013B4000-memory.dmp

        Filesize

        16KB

        Download

      • memory/3752-19-0x0000000001700000-0x0000000001720000-memory.dmp

        Filesize

        128KB

        Download

      • memory/3752-16-0x0000000000400000-0x0000000000443000-memory.dmp

        Filesize

        268KB

        Download

      • memory/3752-15-0x0000000001800000-0x0000000001B4A000-memory.dmp

        Filesize

        3.3MB

        Download

      • memory/3752-14-0x0000000000400000-0x0000000000443000-memory.dmp

        Filesize

        268KB

        Download

      • memory/3752-17-0x0000000000400000-0x0000000000443000-memory.dmp

        Filesize

        268KB

        Download

      • memory/3752-18-0x0000000000400000-0x0000000000443000-memory.dmp

        Filesize

        268KB

        Download

      • memory/3752-23-0x0000000000400000-0x0000000000443000-memory.dmp

        Filesize

        268KB

        Download

      • memory/3752-24-0x0000000001700000-0x0000000001720000-memory.dmp

        Filesize

        128KB

        Download