Resubmissions
15-09-2024 23:12
240915-27aqvsxhjq 815-09-2024 23:02
240915-21efgaxake 815-09-2024 22:58
240915-2xypyaxdkj 315-09-2024 22:56
240915-2wn44sxcpk 315-09-2024 22:43
240915-2np2fawhpr 315-09-2024 22:42
240915-2m3k5swhmk 1015-09-2024 22:33
240915-2gqdmawbja 815-09-2024 22:27
240915-2de4gswekk 715-09-2024 22:15
240915-16esravenh 10Analysis
-
max time kernel
1800s -
max time network
1559s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
15-09-2024 22:42
General
-
Target
eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Central/[email protected]
-
Size
904KB
-
MD5
0315c3149c7dc1d865dc5a89043d870d
-
SHA1
f74546dda99891ca688416b1a61c9637b3794108
-
SHA256
90c2c3944fa8933eefc699cf590ed836086deb31ee56ec71b5651fd978a352c9
-
SHA512
7168dc244f0e400fa302801078e3faec8cdd2d3cb3b8baaab0a1b3c0929d7cf41e54bfbe530ad5ce96a6b63761f7866d26aaae788c3138c34294174091478112
-
SSDEEP
24576:bnQv6Dyxn2Qx0KHizHWKxHuyCcZFyXR1tG:2OE2QtCzhh/7R
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 5 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 63 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetThreadContext 2 IoCs
-
Drops file in Program Files directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 34 IoCs
-
Suspicious use of SendNotifyMessage 34 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 22 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\Security Central\[email protected]"C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\Security Central\[email protected]"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\Security Central\[email protected]"C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\Security Central\[email protected]"2⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Security Central\Security Central.exe"C:\Program Files (x86)\Security Central\Security Central.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Security Central\Security Central.exe"C:\Program Files (x86)\Security Central\Security Central.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x5a41⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
904KB
MD50315c3149c7dc1d865dc5a89043d870d
SHA1f74546dda99891ca688416b1a61c9637b3794108
SHA25690c2c3944fa8933eefc699cf590ed836086deb31ee56ec71b5651fd978a352c9
SHA5127168dc244f0e400fa302801078e3faec8cdd2d3cb3b8baaab0a1b3c0929d7cf41e54bfbe530ad5ce96a6b63761f7866d26aaae788c3138c34294174091478112
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB
-
Filesize
6.2MB