Overview

overview

8

Static

static

3

065b1b6b7c...6e.exe

windows7-x64

8

065b1b6b7c...6e.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    118s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    25-09-2024 09:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    065b1b6b7c34cf8e7ac0cc5136cc6f372a4727d3c1364c2fc034146b5c8b276e.exe

  • Size

    1.8MB

  • MD5

    cec500c3d3ae8cb95137ad929e01c40e

  • SHA1

    875e98ff5570cd4593ff1d105b693703c82c5f5f

  • SHA256

    065b1b6b7c34cf8e7ac0cc5136cc6f372a4727d3c1364c2fc034146b5c8b276e

  • SHA512

    99aa08020a0a8233ab9b3f95a1b9c34149b9ca8e3780d892db33da56e51261f45af25e012be6cf859087fb29e832a7d730d436203d027c4d9069ef06bc1ec0a5

  • SSDEEP

    24576:F3vLR2VhZBJ905EmMyPnQxhe4KLwvHYgUBoHyC/hR:F3dUZTHuLAl

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\065b1b6b7c34cf8e7ac0cc5136cc6f372a4727d3c1364c2fc034146b5c8b276e.exe
    "C:\Users\Admin\AppData\Local\Temp\065b1b6b7c34cf8e7ac0cc5136cc6f372a4727d3c1364c2fc034146b5c8b276e.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\Users\Admin\AppData\Local\Temp\065b1b6b7c34cf8e7ac0cc5136cc6f372a4727d3c1364c2fc034146b5c8b276e.exe
      "C:\Users\Admin\AppData\Local\Temp\065b1b6b7c34cf8e7ac0cc5136cc6f372a4727d3c1364c2fc034146b5c8b276e.exe" Admin
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2824
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2668
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:3028

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a9a05486f2b6c8c520ef80e7188eeb67

    SHA1

    5d8e0e2d4ce608461ea7217bbfb7806dfc5e7662

    SHA256

    48d81df97657f7f9936f029cbf7bc6508348af7ba37eb3ad12c4a39ee222876b

    SHA512

    cc4ab5274a5997ffd86f8f22d6b8776ea528e9a9021e6db007d91c5cc28dd7a0bbf5f50b016825c5005b214558a5b5887506e35f45a993a514bb60ecd1514e92

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f6517f683fd1bd04a233d3181aaef91a

    SHA1

    9bf1ca34f83ddc3618537c68d6fa5b9ae33263fa

    SHA256

    e8df1bdfd066ed1ba6444aad4de9c51349212d19a77f5c17c5415f54e1678d7f

    SHA512

    ad854fcfb8acc4842c064a67b531f0947a31783e9667d3ed174c2e1c1d248ec2bcf47bf6afdda42efbc5722a5094cd8af5aa36db8d777a346143efd317695991

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2cb64865b51c220c332701519f39331

    SHA1

    eb3b144cbcf761ddf22a1cb0ab6f979c2b4498b7

    SHA256

    3f5e9dd397f948b92ea9dcb4f22ffc208188fdc1a3eb0d21190e76083f48face

    SHA512

    913bb5a1ff0e9d005aee36d6e8ae35e6ed8c38ba6d86330ffb791ae5e76213ca2f2138a383ad893eee1da66f63ae5b5c158d41a38385e213113b9b4ff98e003a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4aa86051ae9cea44fa3d4d6a68b1fb14

    SHA1

    5d1ab19dd479fda3ef2ec56efba5c0b021ba4757

    SHA256

    99916f929e5506ef2b11c6d7d7958447a4422e1fe19c3215d762d1fe1b693a95

    SHA512

    bbe9b5d0dfd0af91fcee39207948aa62caa113dddf2cd9c4b9ec4d9bb803e16b5030d7691288c8265fbaa6fb2c7239d261784a05e656a2ee57785526af8861a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    62f24e36226806b6c9d935c11c94ff64

    SHA1

    736ada5fd4f8b6e03d14a400d497d3774fc5b900

    SHA256

    a9b8bef7d2463f169ce0efd109f53d297a6b1bc35ee7d054dfc86f0c4aeae001

    SHA512

    3214fda55bfbda5f10640083da7c846fe0e3dcd79920b2c563269a6baddbeae0c8fe8bd8d02105f772b5d4d9dfce3f7b83617b2505b87dd7023a0ad679a983e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2d502b7fae9c7be6b47ab851034ad41c

    SHA1

    5b5f43ed4f29fb42cb5748cf5c941ac3631909e8

    SHA256

    9deae3d2ce2f66dd35d2bd1a059b2fa527213f2cf955d7c36dfb1b7c27a0d126

    SHA512

    3a65d5880f245f0371ab849e9a314fb96468c38ceac6a2b8f0fb88be1a0d82cb008c15965a6db203436052b0a5ee328d5c98343086ff5f7aca75a5ac61632352

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    32c7dd734da77a9223736adb02503813

    SHA1

    0c8d964badbc14bf495ce692ef11e204c3ea2667

    SHA256

    046201cf10d26e0ed7476b130c8cd1a55e3a176225a5a2e239adb43292f5cfac

    SHA512

    29f71b6e0565567a37df22cdfdeb017ce9a6b4adb55474849ec2d8ace5ade713a925b191d7a10d5c5f51b9330fa36d2edf0ea411e532072177adf6e9bc77e36d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b564fd8a0d0236695ade11fd8e419451

    SHA1

    21d3461f45930c2036f8d0f3996ba9ad13c2e1a3

    SHA256

    2d2293b849b30ae8732a96a7bfb75766aa8a31b84b122117ae8c871cd1109202

    SHA512

    6fcc37a5ab35f59ea1d7ff1341bca93bb0773b609d02b786be0a001f5cfd71b63726ff30343d6b9151134d2af3603bf214f296e8a396970898ce4e81d2f2ea15

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    63af98de81e97a6296a54bfac595f153

    SHA1

    7a0428c69481e790867b72e2d3703f43d2016071

    SHA256

    70783d30cc8db8f7c79b668a16ac37eb3c8cca3a271f8e465006ee13fb7bf05a

    SHA512

    e28e98c852d611bb280b507de893c73832a8b30b55c79ab590f63cde11b5f3f04c98b7441b91f746721cc99404ea672a4e19c39f867c06a8b758bd0e3b5e9b51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4dbb12f99ba84523ddfa542ceb16bd0a

    SHA1

    83578a1027e48a8e8e1df09c5ccee03050984817

    SHA256

    5e596af91e1abf7e8bd6b00203ddee2796bfbc0693c94242ad9f9c55e87b6106

    SHA512

    e6778b3301cc0669c399d9e80394298c4b9b939a5a808a1c7f15c9327c9d195b1daaeaa79eb48fb0da97ca2915700f217ad6100d8ff34e327f8abefef8f35b50

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9cf2d6ae7916779d326cf17d499df8ec

    SHA1

    368c754e079a31c8f7569c2a8185ed7c3212c392

    SHA256

    9165d2524eeaece8d1d8eafef5a12a556e2ebea8416fda4afb13795e3d84bdac

    SHA512

    c6d113932441a7815a84bdfc743f97f066047ac7a8bab509ec1316c9a14308bb22204a6d1ad449044ae8d08983c69b2e08e25e589948f2d46247b2a0dcd99670

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee3de495f5b9569b2b438c19e35b3916

    SHA1

    7ad1295cd7175f325106f4126e1b5ca8f9deff74

    SHA256

    48cb321c13a4b0565614469f5cae06c818be203030f1e1f777602e2247aab7fa

    SHA512

    5cbce37a6e2d1a8291d3d4bfe318a0c4bc2045912980c7f5183e1de2c01c794b0ff6c6e97554c4310cef1b3f3dbee5c27348e5bc580b8228d2dfe7a3f0c7563e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f955e288adb79ca5395d400e1e3b6751

    SHA1

    47177044334767eebc8acf3253e8ca4bf88b21e6

    SHA256

    abf48d499e0e1476069c99e2bfac4b4c7c718e812bfc220250c2c03856834d15

    SHA512

    7685efb8319816bace99f3825038d3bd7d7ad56cd7f68e3c401260af6febe9d9cd73452d54288aeb55107d8d0d3e365c70da6b8ef9f77704199eab71d2a7dae9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f784a245c891f8e33442b32eb2a1396f

    SHA1

    be00a5cc42b7abb7738aa6640ce5e38b9203356b

    SHA256

    92358eb0f85f8b63bf729ab4ef841ff86ba37871cf68c3ea9520b55ed677e265

    SHA512

    cd9defe8df54497bdacc0feca5e839ef116ffd18d28bde4e891d7f4e6dc03fec6bd895382cbe2322b5aacb760fead5b7a2be3e2c291b9ced72a65b044dd1b3ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0022708911e3b006210d1bbb474f3430

    SHA1

    72b887a0f9cd2ec569edf69963562910c189c73e

    SHA256

    6212de691fb0dde0424102c6ac907843b0258eb43b45d3b61221049ad2dfe6da

    SHA512

    02e17b893522bd6b0ad8be1c2c250f4ef7618dafa3840155eaf0e4e5b7aea67d3753b7fe9a99c451b4b07d95304dd8cf1105a5bc55f2d2cc8a32e799f2e163de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    059ba61a209061dd08c7032b7bb73454

    SHA1

    defff9fd8c0f917ec0c61a3a3e696ae968a531c7

    SHA256

    dcb09733ce446c24e2b6cdd2434663d882df92af0d56bf7e9c6ac32ed19e3166

    SHA512

    c27a01938e505f8743f791a61b8e16d105c71061f6625515d4d358468bd99af0ee7e57262560db666da01805ebebac4c057ccd5f59dd0e30825b8ad62332eb21

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3cc842f637d4fbe5e9d3249673236261

    SHA1

    0c090e1037927af64686a3ef1747ecb25682b526

    SHA256

    0a4e6f5bd5e354a2e48a8e13dd07bbc6a530947f686e4b9ca085ee5b845c3679

    SHA512

    6abe66d96041f081649f18027427c33a1ef3248b477ce11c53513b37fde201c5024e555eca7dd7cdd9d569a6846cbcbdd0fdce336d8e1d3a5e86eade3e3a63c7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9319f88113c1577cddd43106984dc6df

    SHA1

    f0fb8f5fcb2a9ae0730391b5686f2e76da33aa3b

    SHA256

    7169c5fea780603b05efde734a7b9b77b19affcd5b90c6365686d4bb1735e62b

    SHA512

    4cb4b281ce05ac450f820633c613484983e429b6140ea9687807205366371b182c1c5cff292abfe5c395d8670eb6f1310a4181043665b9ff6841104c41a02b60

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab4241.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar42E0.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2292-1-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2292-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2824-6-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2824-2-0x00000000001B0000-0x00000000001B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2824-5-0x0000000000400000-0x00000000005E4000-memory.dmp

    Filesize

    1.9MB

    Download