Overview

overview

7

Static

static

3

0001ba2d1a...18.exe

windows7-x64

3

0001ba2d1a...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

Password O...er.exe

windows7-x64

3

Password O...er.exe

windows10-2004-x64

3

help.chm

windows7-x64

1

help.chm

windows10-2004-x64

1

sqlite3.dll

windows7-x64

3

sqlite3.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    144s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    30/09/2024, 06:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Password Organizer.exe

  • Size

    894KB

  • MD5

    465b21a5b4e3bbfc7e898eac7de0ea5d

  • SHA1

    7dd2158ba1262e9bdb6640d7ae4264bdc763107d

  • SHA256

    05306fcdcc12a5e0baed9fd79844059c08f5d98d2ae98a2d14268faff564c7ed

  • SHA512

    a36e1b4280d92356ef570187610815d86d2b5ea49a2a700e05e8958e2c789261e629fca44be928d35bf9757b24458b395742de2e859689bfb7df008894315898

  • SSDEEP

    12288:UrAT5847prm1qckD7/9R6sYGZf14LvtdE3MQMzq3JutYGU8bf6Ds:sIG41S1nER7YG74nEQVf6A

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Password Organizer.exe
    "C:\Users\Admin\AppData\Local\Temp\Password Organizer.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2640

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\1-abc\0007\6.00\config.ini
    Filesize

    913B

    MD5

    43959e7c51bf36499c390f93d3cd462c

    SHA1

    fe5486a8dbfd8f070b7afc24dd32074c8c19be9a

    SHA256

    bb99c4cc4e9a2b98a516417d9d85793ab21722222fbb5614d6eba5d8427477bf

    SHA512

    4c2bfa185cd3b523b3d1e605e3d71ada10a14cb6a422eaa205c0731006c33a10f3dcd0504fd7ac84a76804d19a9c2aab49b4af64815c2c76a912b6e3b4f35282

    Download Submit

  • memory/2640-35-0x0000000060900000-0x0000000060965000-memory.dmp

    Filesize

    404KB

    Download