Overview

overview

8

Static

static

3

bea6fec0be...5f.exe

windows7-x64

8

bea6fec0be...5f.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    121s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    19-09-2024 06:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bea6fec0be2d7a754f2574d1e0483fb9d256d21f00321010fffe00a1d553855f.exe

  • Size

    2.6MB

  • MD5

    056610bc9cae331b1672c6cb76196a7c

  • SHA1

    5cc9a63cb0c04c50ba19984fd4c12fa5f67b8888

  • SHA256

    bea6fec0be2d7a754f2574d1e0483fb9d256d21f00321010fffe00a1d553855f

  • SHA512

    87c1e75fb895f871c1335f637c8306fd55712d14a04b502882b8d6f883e0827c23bc072ee8206a2bb9e4d12b585dac2119cfa89a87f1b806b2e30a0921d8226f

  • SSDEEP

    24576:+A8vyrepIND/0bfSPdaYzRFo3UR+h+8fEvdDrGnrdEROGHOhdYiWdCMJ5QxlpYCi:+A81IJPDqnEvdDqnroHOwiW0MbQxJHO

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bea6fec0be2d7a754f2574d1e0483fb9d256d21f00321010fffe00a1d553855f.exe
    "C:\Users\Admin\AppData\Local\Temp\bea6fec0be2d7a754f2574d1e0483fb9d256d21f00321010fffe00a1d553855f.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2344
    • C:\Users\Admin\AppData\Local\Temp\bea6fec0be2d7a754f2574d1e0483fb9d256d21f00321010fffe00a1d553855f.exe
      "C:\Users\Admin\AppData\Local\Temp\bea6fec0be2d7a754f2574d1e0483fb9d256d21f00321010fffe00a1d553855f.exe" Master
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:780
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2856
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2908

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cbe3ecb8a968b60f14682c8e2bc28146

    SHA1

    6305b0aa2f5813ff3aba9f393c97e51bb4d92905

    SHA256

    f106d1b5968039beb3bcab7593a3ec5e518894c7f3b795e7f7b5397a21725611

    SHA512

    2bf39ba18b7d11007b238ccdeef6c5a3d655fdb712ba0fa0d3aa21998a73c494876043dc3c843e6545c04db67a1e1f0c94a684f35536c38c3f75652738978126

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8f9354b0f2d07f8e820dd9fac9cec154

    SHA1

    656e0caa4d224880187a7a52ea7d2f776f8e66ef

    SHA256

    3162f85a6c75635ed51903b62562479e06f2b01a06f449dd9ed07e1270473496

    SHA512

    a6a5f9e70e8a56aab75f0141449b8525559a4639da1dac44c6a0f1831239d732edc000d815474d31874923718379043ef3add8294535838d849ae777056a47de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    339eb145f1e6d2918e4f2809ecdd73c8

    SHA1

    fcd0c5f9ec7db305b1eb631655a677fc6734934f

    SHA256

    61e1b07c33e6b24052ca56e82fe997092d1b3b0bae48d4dd946c8ec631f4789a

    SHA512

    909e9f16908859cc7ccdefa8ccc14f2ec8bc7ea2ae7d58d242d32ab4ad2fc9ecca5d2d01fe49c8527e9d287a2ee8b7459a31b9672a46c8a90c31fa9fb4024294

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    31fc0aad2addfd3b066a539106993b4b

    SHA1

    60bafd17cace0e72937797e4cfd36205ecd85182

    SHA256

    9611bf3ad2b32915b4b31ce79e25b9bdeeae8c23717a3f87e1d8825597c3d7bc

    SHA512

    8285f50e3802271aa21d2c853a5928814346565834a25f5c58c0e776ac24b08ba53901125ac3f61c25b8dfd2202691b61c4d3dabfd826002445b9a20b60cce18

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1df027a0323a0da3f5a7da7674ba6adc

    SHA1

    55a21ac068de604ca8f5faa4e3e713d76edd962d

    SHA256

    163ee27adf933915443e5ead6132d08095c628c6a123de2354f9dfe5b994ef6a

    SHA512

    3d2fcb890b0cccd34b0368f29a47575570408c5dba308aa015c1a1d9224b906142f78bf9908fd1a1e7ed292750b37b8546c95e4e63f0254661a1e6ce19ca1482

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b497b1064e66d8aeb4ccd1442374fded

    SHA1

    3fd8cffb31cd81fc71b763f901cd1785d729dbe3

    SHA256

    55e3364280e99add5b6a8403de6d24edbf2407500363bfaac5e86fa195297cdd

    SHA512

    1eb43db76f1a9d1d22c2daa289ab8ec8a6f0e5636432417028ecd70eae80ae9a736f838ec885fb96ab213fefbf58601aa6f8fefb22b7f8547b78b9aef51cd854

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0f6136292aa0c83086686682a3d77885

    SHA1

    2c073d72d4e121690b39962d3da959dfd74d48aa

    SHA256

    1a2b85da6d31abcae0e6f514f41e0b9bc44fabc4784bddbe4bb96e0506acf896

    SHA512

    ceedb6a3a7840d134887803a9d43487dfb6d16a88c6241e79e3b60badd26ca88b396dbb86c0cd61b4f9ff8983839a362765445d7abfcaff1eec66d2c63d86dd2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f92decabeae82bbad88d34244daa035e

    SHA1

    5d40ce67a65a6efb79c2934081e87a9f598cc5ea

    SHA256

    f2482411cd6f32c57c919432f9f2a0b0df66b4e24f2bfe361133ab750e6ad781

    SHA512

    e08ccc4a1b3c0233aa02e5be4dbb8f81cfcf0986f56670a1fdd42d3d7d460f6a4afd7e5e43ef643da4deddcb21cf512f6919d92d7ad4c6699135779448650f0a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    78566716b8b80a43b5cf926ef94eaccc

    SHA1

    fa5ea153d7eb0e73dc9157603f2908f8b6da25c2

    SHA256

    900a92be15856c92572809d8d6dadb7842ca5c55357db9a4d27929c697a75008

    SHA512

    863cadd43eda4b2ab2455e71764a23969d453ff3c7128ebf115721e2feb1a509740723bf94e4c97893d958926861e8bd1dc304b81f0c23d4d1eacf4e22d25285

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    75f5aad2c24aa6b11422da27c59eaf41

    SHA1

    b47bad9dd3e72df8f7164106544eab606c5281e4

    SHA256

    0ff3b9b8553dcbee537c6ae1e33591f09a75f845338575954940f85ab6b79d18

    SHA512

    7af93490ec839207ceb4e441c2824d044b55ad1dcc4dcaed28d60ce3743e98a5d67eaa500b58e317f51b1cc6d0a9a2c050601cb36fab25f0750cfcab07e09b70

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d7f77bf42f989ef4de6c60b25e471e36

    SHA1

    8a0d894058da42bf27da9f6363c9135b01a21648

    SHA256

    a69fe2c62b9aa522cbe9bb9eeb85e4947f1517c4a02af2fb702ecaabd9b61ea2

    SHA512

    fa9fd14e5636dfec21e84c5d80cbc9903dd8540c74d71bd904f70b769c9640947990b5062d4eeaac9718721954b0e1c3fa83a6b657ce504e810b9d854b927c83

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e9c3f65c07ab1328c3ef1e0a2bf4f1b1

    SHA1

    d3c0285d46e97757d08e8d329b7137f7bb261062

    SHA256

    28345af603e5895a2babed0c6b3266ef84e5173ce53baf8073b7235cd2077465

    SHA512

    863d6b5d76cb2c416c7c245438f99e4716bb003c93934a202f9fb515c4e16026113df80ebcb4a2dda8e9f4ab6ad40f6c37e1ed026bd67e7f0893afb6235c5e71

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    247aefa0c75c4141dfc9ac78e65b9df6

    SHA1

    7978199bebc2b2e2709bf6852145473cf27e9640

    SHA256

    4c8147af79f9b068cfffb979934bdd88b7931756f2f6208188b59431d2f71bee

    SHA512

    432cb40bc48e4c044515fb9454582ac45e095053d2cd7a2a6eb4110cd5a68f4712bf8ebad3542d17cd2fd2c6f3e3c73a385e190b9be2b3c5936c5e9e9a6dfd63

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e39e693597f11a5d32a8da5d8b7647ad

    SHA1

    ed528ce63b961008d1d706f5320559a4b2482048

    SHA256

    8dc095df74ad46ae383383320d3e9e4e3c32d76cf1f5509d9235e424de3377af

    SHA512

    f4c346b478e2d7ad8a18ce94f095c85e6a9a0918ecaeee80e1f90e5c33c171f7b14e7d6675dc159d9d644ba99ccdf2e8a37af5f91cff2260ee34fbb6375ecde0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2973adcfe498f42305660a077254b406

    SHA1

    113437ad2d0f96e3c00f1b48131f40d2ee62328f

    SHA256

    d9c8d40124f3b40e65e609d4beb78d09c8d0db7bbcde09ad4dc31b608d538fd7

    SHA512

    9fa88e02095a11854c16afd03bbdaa66b45c63b5eba4967de262218da57c4dd5472a9e5e107a69d0855215090a388d27e58709563027b577aa9cd603b5e278ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7046ba14ed3500a293b1392cc6877481

    SHA1

    32c714cce8cde5fb40c6cd23e2041df95592f862

    SHA256

    603c3d8b702e3ef3f54982a7ea642628f1a6ff626b96121837d40697af57ef10

    SHA512

    0be88e013672b1c2b825b5b7773b9cb75e00c521116639a7beb0d0079f9b2e1bd0b6f694997ea6b263bb17d598c464ca8c8d3bf042e7d772281870ee21777a70

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e55a017af7755875fb9411f8a86a0783

    SHA1

    9161f79c2c2f04fc1729961f7d37571d330de748

    SHA256

    d052c832ee65c98bbc029c5eb902bf1b53ada65c2d6dbc12c81eec8842c08ac8

    SHA512

    9250dfeee6431d751f11db429338fef13ce106ad79f92ca6a31153e9082d925d29364b4796dc0646919da6f6beaf071240a2af8d6b6425941e6cf3a7a7815c07

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    883c6d9f7aa628f1a9dbb8e15e609b2b

    SHA1

    2c6ebbec09bd5f4c159cafb56ca6d75abc0be111

    SHA256

    3a5d68b1c61338fa0e9f5b0f1431e4e7f8d5537ca93383ef38c40a74fc17297e

    SHA512

    2336be0854ba8d46447783d023ba4297efc02d929fb2dad5d69d595ce2dc091d1f0c5f68a97b9c6eb215b8fe96c5c8ea5022a4ccdaf2f6b4b83d1e469340625d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    85a6d006abd700c6d2f309f3d610b4f1

    SHA1

    418dfe28ac4aa36d2745013ea1ab73035e814214

    SHA256

    6a45bb19a5c34cd19276412fe7bf9c2eddee4bc36e9e19ddc3c254d08a8410e5

    SHA512

    a71a6db4fcbaca3379ddc6e87a75b9d36999c0a1c371da738f2746bd45275add1e78540f5a691f4c4566aaeb5e816150845f2c8994d4469a48254764f332a823

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabA94B.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarA9FB.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/780-8-0x0000000000400000-0x000000000069F000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/780-2-0x00000000002A0000-0x00000000002A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/780-5-0x0000000000400000-0x000000000069F000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2344-0-0x00000000003A0000-0x00000000003A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2344-1-0x0000000000400000-0x000000000069F000-memory.dmp

    Filesize

    2.6MB

    Download