Analysis

  • max time kernel
    120s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-10-2024 16:08

General

  • Target

    6dcc0d9732a1a783a629060fedcf8c5c1ea0dbe74d6ff74d3517e43daaf4eafaN.exe

  • Size

    4.1MB

  • MD5

    c61c7be60d39f9f10dac558003fcfad0

  • SHA1

    8efd909500584ecd6fceb824409e4e74083bfe3f

  • SHA256

    6dcc0d9732a1a783a629060fedcf8c5c1ea0dbe74d6ff74d3517e43daaf4eafa

  • SHA512

    501d6c76ea185570aafd4f1f9375f3c5a533d56f34d8035ca02e41d8d8f19141a8f123a3141debc16015ae8b8ecb92707d8bd5e5587327621c7cd6723b3b46e2

  • SSDEEP

    98304:evqDML9IW1dXg3S/MHmgyJdXN0B7+sFIDQfG:eEnuQO

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops autorun.inf file 1 TTPs 1 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • NTFS ADS 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6dcc0d9732a1a783a629060fedcf8c5c1ea0dbe74d6ff74d3517e43daaf4eafaN.exe
    "C:\Users\Admin\AppData\Local\Temp\6dcc0d9732a1a783a629060fedcf8c5c1ea0dbe74d6ff74d3517e43daaf4eafaN.exe"
    1⤵
    • Adds Run key to start application
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • NTFS ADS
    • Suspicious use of SetWindowsHookEx
    PID:4840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\905c0769f9a06c95a24ddf945\patcher.exe$

    Filesize

    4.1MB

    MD5

    c61c7be60d39f9f10dac558003fcfad0

    SHA1

    8efd909500584ecd6fceb824409e4e74083bfe3f

    SHA256

    6dcc0d9732a1a783a629060fedcf8c5c1ea0dbe74d6ff74d3517e43daaf4eafa

    SHA512

    501d6c76ea185570aafd4f1f9375f3c5a533d56f34d8035ca02e41d8d8f19141a8f123a3141debc16015ae8b8ecb92707d8bd5e5587327621c7cd6723b3b46e2

  • memory/4840-0-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

  • memory/4840-27-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB