Analysis
max time kernel: 119s
max time network: 97s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 14/09/2024, 02:45
Static task: static1
Behavioral task: behavioral1
  Sample: 7a1b68d06854fa8a8a0241d1f7f5bb90N.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 7a1b68d06854fa8a8a0241d1f7f5bb90N.exe
  Resource: win10v2004-20240802-en
General
Target: 7a1b68d06854fa8a8a0241d1f7f5bb90N.exe
Size: 2.6MB
MD5: 7a1b68d06854fa8a8a0241d1f7f5bb90
SHA1: 158feb79843caea6677f8bb2e86d807b71160754
SHA256: b46c31e6a4e0ec69ad107587545133bee5e633ff0a59ac4b57b558cfaee500c3
SHA512: 7d2ccf6cf7f7968578b496d9b48a16284384f050cd6a2147633bf971531c91ae739045949654f1be5c31316b5eb7e6bd8acf1f8ac782c1cdf413813aaf4560c0
SSDEEP: 49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LBjB/bS:sxX7QnxrloE5dpUpYb
Malware Config
Signatures
Credentials from Password Stores: Credentials from Web Browsers (1 TTPs)
Malicious access or copy of web browser credential store.
Drops startup file (1 IoCs)
File created: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\locaopti.exe (process: 7a1b68d06854fa8a8a0241d1f7f5bb90N.exe)
Executes dropped EXE (2 IoCs)
PID 4540: locaopti.exe
PID 2008: abodloc.exe
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.
Adds Run key to start application (2 TTPs, 2 IoCs)
Set value (str): \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Parametr = "C:\\MintZV\\dobxsys.exe" (process: 7a1b68d06854fa8a8a0241d1f7f5bb90N.exe)
Set value (str): \REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Parametr = "C:\\Files3Q\\abodloc.exe" (process: 7a1b68d06854fa8a8a0241d1f7f5bb90N.exe)
System Location Discovery: System Language Discovery (1 TTPs, 3 IoCs)
Attempts to gather information about the system language of a victim host in order to infer its geographical location.
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: 7a1b68d06854fa8a8a0241d1f7f5bb90N.exe)
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: locaopti.exe)
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (process: abodloc.exe)
Suspicious behavior: EnumeratesProcesses (64 IoCs)
Unique PID/process pairs across the 64 entries:
PID 1656: 7a1b68d06854fa8a8a0241d1f7f5bb90N.exe
PID 4540: locaopti.exe
PID 2008: abodloc.exe
Suspicious use of WriteProcessMemory (6 IoCs)
PID 1656 (7a1b68d06854fa8a8a0241d1f7f5bb90N.exe) wrote to memory of PID 4540, procid_target 90
PID 1656 (7a1b68d06854fa8a8a0241d1f7f5bb90N.exe) wrote to memory of PID 4540, procid_target 90
PID 1656 (7a1b68d06854fa8a8a0241d1f7f5bb90N.exe) wrote to memory of PID 4540, procid_target 90
PID 1656 (7a1b68d06854fa8a8a0241d1f7f5bb90N.exe) wrote to memory of PID 2008, procid_target 91
PID 1656 (7a1b68d06854fa8a8a0241d1f7f5bb90N.exe) wrote to memory of PID 2008, procid_target 91
PID 1656 (7a1b68d06854fa8a8a0241d1f7f5bb90N.exe) wrote to memory of PID 2008, procid_target 91
Processes
C:\Users\Admin\AppData\Local\Temp\7a1b68d06854fa8a8a0241d1f7f5bb90N.exe (PID 1656)
  Command line: "C:\Users\Admin\AppData\Local\Temp\7a1b68d06854fa8a8a0241d1f7f5bb90N.exe"
  - Drops startup file
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\locaopti.exe (PID 4540, child of 1656)
    Command line: "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\locaopti.exe"
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
  C:\Files3Q\abodloc.exe (PID 2008, child of 1656)
    Command line: C:\Files3Q\abodloc.exe
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Enterprise v15
Downloads