Analysis

  • max time kernel
    136s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    31/10/2024, 08:23

General

  • Target

    d75c207829297c343a86f4e69cb87983d9c4083a6f0202f84ae1603180c84133.exe

  • Size

    2.1MB

  • MD5

    222a5b5c942853cf2e9d9c5f9f7dcf97

  • SHA1

    433b34935ee4101b0705228363bc756628cf0217

  • SHA256

    d75c207829297c343a86f4e69cb87983d9c4083a6f0202f84ae1603180c84133

  • SHA512

    015b11b14eb0cb432c3c05be2682afa76af0abaa442a003a9299d5ad62c676c6f50ced746d70c7a8a088556f51e078e1a0786c64da4d0c4ef6ee97381d99635d

  • SSDEEP

    49152:0MYnMbts4Uqq+VaSGRB1kyUdfofKVkOgThzEKuOyYdf:0jn+1OkaSGRB1RokOgtgH

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens, autofill entries and browsing history.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops Chrome extension 1 IoCs
  • Drops file in Program Files directory 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d75c207829297c343a86f4e69cb87983d9c4083a6f0202f84ae1603180c84133.exe (PID 4944)
    "C:\Users\Admin\AppData\Local\Temp\d75c207829297c343a86f4e69cb87983d9c4083a6f0202f84ae1603180c84133.exe"
    • Loads dropped DLL
    • Drops Chrome extension
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses

Network

        MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nscA559.tmp\CrxInstaller.dll
    Filesize: 1.5MB
    MD5:    b9086dfa9511196d59814b0fb377b09a
    SHA1:   ec723cd037ec98fc933b3b67a54afb7dd9f8172c
    SHA256: a804304dbbeecb815a9b8b90f071fe50ccec50502eb367f86bfc575db1102e85
    SHA512: 8d847d5096db55ee4744b1091c1cf481069f14e5b3fe4a73e42fff2639b4d520a49341fe1b61f69406b05e5c2d06ff6fc35f1ad73c39844fc3c80b01470411df

  • C:\Users\Admin\AppData\Local\Temp\nscA559.tmp\System.dll
    Filesize: 12KB
    MD5:    cff85c549d536f651d4fb8387f1976f2
    SHA1:   d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e
    SHA256: 8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8
    SHA512: 531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

  • C:\Users\Admin\AppData\Local\Temp\nscA559.tmp\Utility.dll
    Filesize: 66KB
    MD5:    919e51f9624146563ef6ee90c21f14f3
    SHA1:   fa492bb48a47dce845c1d392943372a2ea80c4c4
    SHA256: e5e100d598b38ec69d74310003648188500dcd82dd26ff3c5c29dd8d47148005
    SHA512: 1a48bdaef10cbe497782ae694a0174768268326ad9f234fe3fef4eece6ddf811099b90288527c5ff0e6dc0d35d1967931d570b574a80f8d3c5b107845ef83dbc
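The hashes above are the only indicators this report gives that can be checked on another host, so the natural next step is to sweep a suspect machine or a quarantine share for files that match them. The script below is an added example, not part of the sandbox report or the sample; it embeds the MD5/SHA1/SHA256 values from this page as a lookup table, streams each file under a directory through all three hashers in one pass, and reports any file whose digest matches a listed IOC. Two caveats a practitioner should keep in mind: a hit on MD5 alone is weaker evidence than a SHA256 hit, so the output records which algorithms matched; and an `ns*.tmp` directory holding a `System.dll` is the layout an NSIS installer uses when it unpacks its plugins, so a match on those two DLLs alone says "NSIS package", not "this specific sample", and should be confirmed with the payload DLL or the parent executable. The `self_check` function builds a constructed sample file (the bytes `abc`) and a constructed IOC entry purely so the example can run offline; those are assumptions for demonstration, not data from the report.

```python
"""Hash-based IOC sweep for the files listed in the sandbox report above."""
import hashlib
import os
import tempfile
from pathlib import Path

# IOCs copied from the report: file name -> {algorithm: hex digest}.
REPORT_IOCS = {
    "d75c207829297c343a86f4e69cb87983d9c4083a6f0202f84ae1603180c84133.exe": {
        "md5": "222a5b5c942853cf2e9d9c5f9f7dcf97",
        "sha1": "433b34935ee4101b0705228363bc756628cf0217",
        "sha256": "d75c207829297c343a86f4e69cb87983d9c4083a6f0202f84ae1603180c84133",
    },
    "CrxInstaller.dll": {
        "md5": "b9086dfa9511196d59814b0fb377b09a",
        "sha1": "ec723cd037ec98fc933b3b67a54afb7dd9f8172c",
        "sha256": "a804304dbbeecb815a9b8b90f071fe50ccec50502eb367f86bfc575db1102e85",
    },
    "System.dll": {
        "md5": "cff85c549d536f651d4fb8387f1976f2",
        "sha1": "d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e",
        "sha256": "8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8",
    },
    "Utility.dll": {
        "md5": "919e51f9624146563ef6ee90c21f14f3",
        "sha1": "fa492bb48a47dce845c1d392943372a2ea80c4c4",
        "sha256": "e5e100d598b38ec69d74310003648188500dcd82dd26ff3c5c29dd8d47148005",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256")


def hash_file(path, algorithms=ALGORITHMS, chunk_size=1 << 20):
    """Read the file once and feed every chunk to all hashers; returns {alg: hexdigest}."""
    hashers = {alg: hashlib.new(alg) for alg in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def build_lookup(iocs):
    """Invert the IOC table into {(alg, digest): ioc_name} so matching is a dict hit."""
    return {(alg, digest.lower()): name
            for name, digests in iocs.items()
            for alg, digest in digests.items()}


def scan(root, iocs=REPORT_IOCS):
    """Walk `root` and return [(path, ioc_name, [algorithms that matched])].

    Any single algorithm is enough to report a file, so a feed that only carries
    SHA256 still works; the caller can downgrade MD5-only hits as weak evidence.
    """
    lookup = build_lookup(iocs)
    wanted = sorted({alg for alg, _ in lookup})
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        try:
            digests = hash_file(path, algorithms=wanted)
        except OSError:
            continue  # locked or unreadable file: skip it rather than abort the sweep
        matched = {}
        for alg, digest in digests.items():
            name = lookup.get((alg, digest))
            if name:
                matched.setdefault(name, []).append(alg)
        for name, algs in matched.items():
            hits.append((str(path), name, sorted(algs)))
    return hits


def self_check():
    """Offline demonstration on constructed data (not from the report).

    Writes the bytes b"abc" to a temp file, confirms no report IOC matches it,
    then matches it against a constructed IOC carrying SHA256("abc").
    Returns (digests_of_sample, hits_against_report, hits_against_constructed_ioc).
    """
    workdir = tempfile.mkdtemp(prefix="ioc-demo-")
    sample = os.path.join(workdir, "sample.bin")
    with open(sample, "wb") as fh:
        fh.write(b"abc")  # constructed sample content
    digests = hash_file(sample)
    constructed_ioc = {"demo-abc-marker": {"sha256": digests["sha256"]}}
    return digests, scan(workdir), scan(workdir, constructed_ioc)


if __name__ == "__main__":
    import sys
    for path, name, algs in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        strength = "strong" if "sha256" in algs else "weak"
        print(f"{path}: matches {name} via {', '.join(algs)} ({strength})")
```

Run it as `python ioc_sweep.py C:\Users\<user>\AppData\Local\Temp` (or a mounted image) and treat a SHA256 hit on the parent `.exe` or `CrxInstaller.dll` as confirmation; SHA512 is left out of the table only because it adds no discrimination once SHA256 matches. Fuzzy (SSDEEP) matching is deliberately not attempted here because it needs a third-party library and a similarity threshold that depends on the sample family.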