Overview

overview

10

Static

static

3

46c288bb7a...2N.exe

windows7-x64

1

46c288bb7a...2N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    94s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/09/2024, 09:01

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    46c288bb7a3c78e875a3297c6501c5abd2d1e1c121cd0ecf5bc6ec7bcfe00a42N.exe

  • Size

    30KB

  • MD5

    d52ce75b76e65c1a13e7e0bd3c75a030

  • SHA1

    467114cef4cdd0c2a01e42732fd6a0ed94fef28e

  • SHA256

    46c288bb7a3c78e875a3297c6501c5abd2d1e1c121cd0ecf5bc6ec7bcfe00a42

  • SHA512

    ce9bba0f14636eb3a8439a3ec15b8496d60441f3e70ff51e985a0c5d8d07acebc0402e41681500e1a1ffc19fa23275ad52253a7bb26f2572bcbe21fe622d729b

  • SSDEEP

    384:hxM2C97q9/knHbIbWOlCq/KqrMjK3luhTV9gs7JsnthhOfymBBf9I0i58pxEPco/:hY9D7qWOlMAMqmvJsthUfIX8+FIHU4

Score
10/10
stealeriumstealer

Malware Config

Extracted

Family

stealerium

C2

asd

Signatures

  • Stealerium

    An open source info stealer written in C# first seen in May 2022.

    stealerstealerium
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Kills process with taskkill 1 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\46c288bb7a3c78e875a3297c6501c5abd2d1e1c121cd0ecf5bc6ec7bcfe00a42N.exe
    "C:\Users\Admin\AppData\Local\Temp\46c288bb7a3c78e875a3297c6501c5abd2d1e1c121cd0ecf5bc6ec7bcfe00a42N.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4272
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpBFD5.tmp.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3420
      • C:\Windows\system32\chcp.com
        chcp 65001
        3⤵
          PID:4712
        • C:\Windows\system32\taskkill.exe
          TaskKill /F /IM 4272
          3⤵
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:4984
        • C:\Windows\system32\timeout.exe
          Timeout /T 2 /Nobreak
          3⤵
          • Delays execution with timeout.exe
          PID:4980

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\tmpBFD5.tmp.bat
            Filesize

            57B

            MD5

            d2a0337d94f8421c059ebf6e357e2979

            SHA1

            5aae45fee9bee865d29d1bdb9efd6e5ca4e64c4a

            SHA256

            2874decfe78545a9522daad0716466e613680d692bb111f821cae8998dabcf3b

            SHA512

            20fe7183485156f5cdeab24976e53e4b946808c13baf326c6bde507a725aef383e4d4d66853c1d2bcb967605ed846dfdc0f68799c75a0352a1bf82e69443f55d

            Download Submit

          • memory/4272-2-0x000001B50E940000-0x000001B50EAFC000-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/4272-3-0x00007FF9B2BE3000-0x00007FF9B2BE5000-memory.dmp

            Filesize

            8KB

            Download

          • memory/4272-4-0x000001B5273D0000-0x000001B52758A000-memory.dmp

            Filesize

            1.7MB

            Download

          • memory/4272-5-0x00007FF9B2BE0000-0x00007FF9B36A1000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/4272-6-0x00007FF9B2BE0000-0x00007FF9B36A1000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/4272-7-0x00007FF9B2BE0000-0x00007FF9B36A1000-memory.dmp

            Filesize

            10.8MB

            Download

          • memory/4272-8-0x000001B50ED50000-0x000001B50EDAA000-memory.dmp

            Filesize

            360KB

            Download

          • memory/4272-9-0x000001B50EDF0000-0x000001B50EE0A000-memory.dmp

            Filesize

            104KB

            Download

          • memory/4272-13-0x00007FF9B2BE0000-0x00007FF9B36A1000-memory.dmp

            Filesize

            10.8MB

            Download