Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    31-10-2024 08:23

General

  • Target

    d75c207829297c343a86f4e69cb87983d9c4083a6f0202f84ae1603180c84133.exe

  • Size

    2.1MB

  • MD5

    222a5b5c942853cf2e9d9c5f9f7dcf97

  • SHA1

    433b34935ee4101b0705228363bc756628cf0217

  • SHA256

    d75c207829297c343a86f4e69cb87983d9c4083a6f0202f84ae1603180c84133

  • SHA512

    015b11b14eb0cb432c3c05be2682afa76af0abaa442a003a9299d5ad62c676c6f50ced746d70c7a8a088556f51e078e1a0786c64da4d0c4ef6ee97381d99635d

  • SSDEEP

    49152:0MYnMbts4Uqq+VaSGRB1kyUdfofKVkOgThzEKuOyYdf:0jn+1OkaSGRB1RokOgtgH

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs

    The three DLLs are loaded from %TEMP%\nstF854.tmp (listed under Downloads). An ns*.tmp directory containing System.dll is the plugin layout of an NSIS installer, so this signature on its own is consistent with benign installers as well as malicious ones.
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops Chrome extension 1 IoCs
  • Drops file in Program Files directory 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
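The signatures above are behaviour-based, so they can be reproduced outside the sandbox from endpoint telemetry. The following is an added example, not part of this report and not the sandbox's own detection code: a small rule set that maps Sysmon-style events to the signature names used here and groups the hits per process, the way the Processes section does. The event records and their field names (pid, event, target) are constructed for the example, as are the registry keys, file paths and the second process's activity; nothing in them is captured from the sample.

```python
"""Map constructed endpoint events to the behavioural signatures in the report.

Added example, not part of the sandbox report. The event records and their
field names (pid, event, target) are assumptions made for this example.
"""
import fnmatch
from collections import defaultdict

# (signature name as the report phrases it, event type, glob over the target).
# Globs are matched case-insensitively against the registry path, file path,
# device name or loaded image.
RULES = [
    ("Checks installed software on the system", "RegistryRead",
     r"*\Microsoft\Windows\CurrentVersion\Uninstall\*"),
    ("Reads user/profile data of web browsers", "FileRead",
     r"*\Google\Chrome\User Data\*\Login Data"),
    ("Reads user/profile data of web browsers", "FileRead",
     r"*\Mozilla\Firefox\Profiles\*\logins.json"),
    ("System Location Discovery: System Language Discovery", "RegistryRead",
     r"*\Control Panel\International\*"),
    ("Enumerates physical storage devices", "DeviceOpen",
     r"\\.\PhysicalDrive*"),
    # NSIS-style plugin directory under %TEMP%; see the caveat in Signatures.
    ("Loads dropped DLL", "ImageLoad",
     r"*\AppData\Local\Temp\ns*.tmp\*.dll"),
    ("Drops file in Program Files directory", "FileCreate",
     r"C:\Program Files*\*"),
    ("Drops Chrome extension", "FileCreate", r"*.crx"),
]

# Constructed telemetry (not captured from the sample). PID 2980 mirrors the
# process in the report; PID 1234 is benign noise that must not match.
SAMPLE_EVENTS = [
    {"pid": 2980, "event": "ImageLoad",
     "target": r"C:\Users\Admin\AppData\Local\Temp\nstF854.tmp\System.dll"},
    {"pid": 2980, "event": "ImageLoad",
     "target": r"C:\Users\Admin\AppData\Local\Temp\nstF854.tmp\CrxInstaller.dll"},
    {"pid": 2980, "event": "RegistryRead",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp"},
    {"pid": 2980, "event": "RegistryRead",
     "target": r"HKCU\Control Panel\International\LocaleName"},
    {"pid": 2980, "event": "FileRead",
     "target": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 2980, "event": "FileCreate",
     "target": r"C:\Program Files\ExampleApp\addon.crx"},
    {"pid": 2980, "event": "DeviceOpen", "target": r"\\.\PhysicalDrive0"},
    {"pid": 1234, "event": "FileRead",
     "target": r"C:\Windows\System32\drivers\etc\hosts"},
]


def match_event(event):
    """Return the set of signature names whose rule matches one event."""
    hits = set()
    target = event["target"].lower()
    for name, kind, pattern in RULES:
        # fnmatchcase avoids platform-dependent case folding; we lower() both sides.
        if event["event"] == kind and fnmatch.fnmatchcase(target, pattern.lower()):
            hits.add(name)
    return hits


def triage(events):
    """Group matches per PID: {pid: {signature: [matching targets]}}.

    Processes with no matching events are omitted entirely.
    """
    report = defaultdict(lambda: defaultdict(list))
    for ev in events:
        for name in match_event(ev):
            report[ev["pid"]][name].append(ev["target"])
    return {pid: dict(sigs) for pid, sigs in report.items()}


def summarize(report):
    """Flatten to (pid, signature, IoC count) tuples, like the report's 'N IoCs'."""
    return sorted((pid, name, len(targets))
                  for pid, sigs in report.items()
                  for name, targets in sigs.items())


if __name__ == "__main__":
    for pid, name, count in summarize(triage(SAMPLE_EVENTS)):
        print(f"PID {pid}: {name} ({count} IoCs)")
```

The one FileCreate under Program Files fires two rules (Program Files drop and .crx extension), which is the intended behaviour: a single event can evidence several signatures, and per-signature IoC counts are taken over targets, not events.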

Processes

  • C:\Users\Admin\AppData\Local\Temp\d75c207829297c343a86f4e69cb87983d9c4083a6f0202f84ae1603180c84133.exe
    "C:\Users\Admin\AppData\Local\Temp\d75c207829297c343a86f4e69cb87983d9c4083a6f0202f84ae1603180c84133.exe"
    1⤵
    • Loads dropped DLL
    • Drops Chrome extension
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:2980

Network

MITRE ATT&CK Enterprise v15


Downloads

  • \Users\Admin\AppData\Local\Temp\nstF854.tmp\CrxInstaller.dll

    Filesize

    1.5MB

    MD5

    b9086dfa9511196d59814b0fb377b09a

    SHA1

    ec723cd037ec98fc933b3b67a54afb7dd9f8172c

    SHA256

    a804304dbbeecb815a9b8b90f071fe50ccec50502eb367f86bfc575db1102e85

    SHA512

    8d847d5096db55ee4744b1091c1cf481069f14e5b3fe4a73e42fff2639b4d520a49341fe1b61f69406b05e5c2d06ff6fc35f1ad73c39844fc3c80b01470411df

  • \Users\Admin\AppData\Local\Temp\nstF854.tmp\System.dll

    Filesize

    12KB

    MD5

    cff85c549d536f651d4fb8387f1976f2

    SHA1

    d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

    SHA256

    8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

    SHA512

    531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

  • \Users\Admin\AppData\Local\Temp\nstF854.tmp\Utility.dll

    Filesize

    66KB

    MD5

    919e51f9624146563ef6ee90c21f14f3

    SHA1

    fa492bb48a47dce845c1d392943372a2ea80c4c4

    SHA256

    e5e100d598b38ec69d74310003648188500dcd82dd26ff3c5c29dd8d47148005

    SHA512

    1a48bdaef10cbe497782ae694a0174768268326ad9f234fe3fef4eece6ddf811099b90288527c5ff0e6dc0d35d1967931d570b574a80f8d3c5b107845ef83dbc