5078db59624...6d.exe
windows7-x64
10078db59624...6d.exe
windows10-2004-x64
1007f59c1814...17.exe
windows7-x64
1007f59c1814...17.exe
windows10-2004-x64
10083d3eee79...8c.exe
windows7-x64
10083d3eee79...8c.exe
windows10-2004-x64
1008b9d4c939...ff.exe
windows7-x64
1008b9d4c939...ff.exe
windows10-2004-x64
1008c1757fc2...f6.exe
windows7-x64
1008c1757fc2...f6.exe
windows10-2004-x64
100d08ee2ca8...dd.exe
windows7-x64
100d08ee2ca8...dd.exe
windows10-2004-x64
100d1c17f831...d0.exe
windows7-x64
100d1c17f831...d0.exe
windows10-2004-x64
101017f357d8...c6.exe
windows7-x64
101017f357d8...c6.exe
windows10-2004-x64
10152de8e813...2e.exe
windows7-x64
10152de8e813...2e.exe
windows10-2004-x64
1018a7c9bb15...1a.exe
windows7-x64
1018a7c9bb15...1a.exe
windows10-2004-x64
101c429652e6...c5.exe
windows7-x64
101c429652e6...c5.exe
windows10-2004-x64
101fe8e976dc...0b.exe
windows7-x64
71fe8e976dc...0b.exe
windows10-2004-x64
7231f15571a...d3.exe
windows7-x64
10231f15571a...d3.exe
windows10-2004-x64
10253a433e14...6a.exe
windows7-x64
10253a433e14...6a.exe
windows10-2004-x64
1026ccb116f4...8f.exe
windows7-x64
1026ccb116f4...8f.exe
windows10-2004-x64
102936e6b87d...99.exe
windows7-x64
102936e6b87d...99.exe
windows10-2004-x64
Analysis (score badge: 10)
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system -
submitted
08-11-2024 06:43 (DD-MM-YYYY, i.e. 8 November 2024 — the win7-20241023 sandbox image used by this submission rules out an 11 August reading)
Behavioral task
behavioral1
Sample
078db59624b35fe4dd0fe0420bd99bd349aa053ef07c982fdc6a58effd96c76d.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
078db59624b35fe4dd0fe0420bd99bd349aa053ef07c982fdc6a58effd96c76d.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
07f59c1814f6b5d712b6bd55b180bd9d69890eb337b44977749a59bf39958b17.exe
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
07f59c1814f6b5d712b6bd55b180bd9d69890eb337b44977749a59bf39958b17.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
083d3eee7980bb0b8f28a0452ed2af47610e747db2823a0ad6eb7dbfad7ef98c.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
083d3eee7980bb0b8f28a0452ed2af47610e747db2823a0ad6eb7dbfad7ef98c.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
Resource
win7-20241010-en
Behavioral task
behavioral8
Sample
08b9d4c93970927de49d4c012b62cf663a181a83afc9f6be03eac0afe0e736ff.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
08c1757fc2332f7d219bf2c7bff648ed78f51106e262e6e6f3ade6b0e847dff6.exe
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
08c1757fc2332f7d219bf2c7bff648ed78f51106e262e6e6f3ade6b0e847dff6.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
0d08ee2ca8d53593d1394983068966c0f0f978afa9942e5df703f61a0579a9dd.exe
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
0d08ee2ca8d53593d1394983068966c0f0f978afa9942e5df703f61a0579a9dd.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
0d1c17f83137538366a2ca9f2948458b00943a4b5033f5d0b9f25f85af36edd0.exe
Resource
win7-20241023-en
Behavioral task
behavioral14
Sample
0d1c17f83137538366a2ca9f2948458b00943a4b5033f5d0b9f25f85af36edd0.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
1017f357d88223cb18ec43554b65f2ec3f2d67851c7723f3a21bf67d7f02f1c6.exe
Resource
win7-20240903-en
Behavioral task
behavioral16
Sample
1017f357d88223cb18ec43554b65f2ec3f2d67851c7723f3a21bf67d7f02f1c6.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
152de8e813722eadbc25a08e1871382a887505388e03991595572bb632974e2e.exe
Resource
win7-20240729-en
Behavioral task
behavioral18
Sample
152de8e813722eadbc25a08e1871382a887505388e03991595572bb632974e2e.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
18a7c9bb155a24636fb7679c2c33562f66a85fa29949493d4a2dc31b0443321a.exe
Resource
win7-20241010-en
Behavioral task
behavioral20
Sample
18a7c9bb155a24636fb7679c2c33562f66a85fa29949493d4a2dc31b0443321a.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
1c429652e66bc481a2ce0309e4389cbcf93c1bd9727760d70418b9071a6818c5.exe
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
1c429652e66bc481a2ce0309e4389cbcf93c1bd9727760d70418b9071a6818c5.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
1fe8e976dc31ecc74c27018b3a7550e3c16c39b05f17237a39f59a1cf262330b.exe
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
1fe8e976dc31ecc74c27018b3a7550e3c16c39b05f17237a39f59a1cf262330b.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
231f15571a7f90c6c74f0f6eb57a813a54fa927b5c13610e5d6ff680023852d3.exe
Resource
win7-20240708-en
Behavioral task
behavioral26
Sample
231f15571a7f90c6c74f0f6eb57a813a54fa927b5c13610e5d6ff680023852d3.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
253a433e14fd88a5d504c492279fc0a4f192023768409738a11c17790499d66a.exe
Resource
win7-20240903-en
Behavioral task
behavioral28
Sample
253a433e14fd88a5d504c492279fc0a4f192023768409738a11c17790499d66a.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
26ccb116f44f24784c0c2e9e2f4f796b239ce96c34246b50194342c76fa3198f.exe
Resource
win7-20241023-en
Behavioral task
behavioral30
Sample
26ccb116f44f24784c0c2e9e2f4f796b239ce96c34246b50194342c76fa3198f.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
2936e6b87d417380f2f28b8274f791a526d2dc7b2d9c014b80e8c88ab9ad2099.exe
Resource
win7-20240729-en
Behavioral task
behavioral32
Sample
2936e6b87d417380f2f28b8274f791a526d2dc7b2d9c014b80e8c88ab9ad2099.exe
Resource
win10v2004-20241007-en
General
-
Target
253a433e14fd88a5d504c492279fc0a4f192023768409738a11c17790499d66a.exe
-
Size
583KB
-
MD5
004f3bd262190bd79a6a90744be507c9
-
SHA1
069a52de16b7f52f7de55cee23689212a0695736
-
SHA256
253a433e14fd88a5d504c492279fc0a4f192023768409738a11c17790499d66a
-
SHA512
64004a74065783d888066660f77a216dbb0c23f6a1b319ea66410fcd19aa13c82a79386f83e220ea53a2458d6a64aba4ea3453d137fa55fd236b1d7c2ae2c4b9
-
SSDEEP
12288:5NRddvGBjE0F4OQkviP2k4eE3TRVROKDsH6Bx4BO7aG:nRcAvOQgwYzO6Qlya
Malware Config
Extracted
cryptbot
basessrn17.top (extracted from the cryptbot config; the field label was lost in extraction but this is presumably the C2/contact domain — treat as an IOC to block at DNS/proxy, do not browse)
-
payload_url
http://dfgggloadt11.top/download.php?file=lv.exe (attacker-controlled download URL for a follow-on payload named lv.exe — block/sinkhole the host; defang before pasting into tickets or chat)
Signatures
-
CryptBot payload 5 IoCs
resource / yara_rule (every hit is on a memory dump of PID 4020, i.e. the running, unpacked image rather than the on-disk file):
- behavioral28/memory/4020-2-0x0000000005650000-0x00000000056F0000-memory.dmp — family_cryptbot
- behavioral28/memory/4020-3-0x0000000000400000-0x00000000004A3000-memory.dmp — family_cryptbot
- behavioral28/memory/4020-4-0x0000000000400000-0x00000000051B5000-memory.dmp — family_cryptbot
- behavioral28/memory/4020-219-0x0000000000400000-0x00000000051B5000-memory.dmp — family_cryptbot
- behavioral28/memory/4020-221-0x0000000000400000-0x00000000004A3000-memory.dmp — family_cryptbot -
Cryptbot family
-
Reads user/profile data of web browsers 3 TTPs
Infostealers commonly harvest stored browser data, which can include saved credentials, cookies and session tokens; any accounts used from this host should be treated as exposed.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
resource / yara_rule: behavioral28/memory/4020-1-0x0000000000400000-0x00000000051B5000-memory.dmp — upx (UPX packer signature matched on the process image; the family_cryptbot hits above fall in the same 0x400000 region, consistent with the CryptBot payload sitting beneath a UPX layer) -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of the victim host in order to infer its geographical location (a common pre-check before the stealer decides whether to run).
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 253a433e14fd88a5d504c492279fc0a4f192023768409738a11c17790499d66a.exe -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | 253a433e14fd88a5d504c492279fc0a4f192023768409738a11c17790499d66a.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | 253a433e14fd88a5d504c492279fc0a4f192023768409738a11c17790499d66a.exe -
Suspicious use of FindShellTrayWindow 2 IoCs
pid | Process
4020 | 253a433e14fd88a5d504c492279fc0a4f192023768409738a11c17790499d66a.exe
4020 | 253a433e14fd88a5d504c492279fc0a4f192023768409738a11c17790499d66a.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\253a433e14fd88a5d504c492279fc0a4f192023768409738a11c17790499d66a.exe — command line: "C:\Users\Admin\AppData\Local\Temp\253a433e14fd88a5d504c492279fc0a4f192023768409738a11c17790499d66a.exe" (root of the process tree; no child processes were recorded in this run)
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of FindShellTrayWindow
PID:4020
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
1KB
MD5 4ae55559cad102385dda060c2d981e2a
SHA1 2000dfac7ac9f32b932aa0ae764391c647420e7b
SHA256 6d050e6b7d4ff70a9693d972cdaa959a00e7f4f4ce1b2d8ae0f58061c687846b
SHA512 06605fc8dd8a51c2f252edbf058c29a7b42e6a446069fd332671742413ecda013b96de3062c7c8e1ba4121691c8f6185131018d672d3e192813087bbbdad4975
-
Filesize
1KB
MD5 630b6add90911ca328640c68dfc2e36d
SHA1 0ce9facc0ccb37901f96e1a20c6955dc7997d019
SHA256 6c9781064642ede95f0112ed15e8a91378c862f9e0b6a4381e7d4b3b12f249a3
SHA512 b2ad2b35da0ef89c992f014682df7d5a4a9cf363dcf625dc1611418566201ee083fb082c4ece7403538cef145e3e7647aa1da801499632c8b3d5007e5d8cbcc3
-
Filesize
7KB
MD5 3fe2c0481e0d417eec5ca141b97f75d7
SHA1 37f522b1849b333000dc32b44e5171f4571154c3
SHA256 d4ac0fbc0e1c0f93c0f648a1e9cc82a7fcc981bb01ead846d323d1f632ff32ac
SHA512 d6b20002b762958e1d2c10d29284cbd4873a17a30e57eec4c8de8651cd9bf23a24191d67bfaec314e4ae867d62ccb8db90a4133bd4c408eeb91aa15d8f4b0cca
-
Filesize
46KB
MD5 937a08bdbad1b0756ff169cf99b0fad1
SHA1 bd2b00ce406c8b42a1ba9dda4574d33de2b1bc68
SHA256 22dab6a07f2981561a63b28cd38707f5b3946100a888a42fafbea67460741681
SHA512 db8e480c83fa251fcada152b8a0ac77df22c700c9c6a3f45293d721ffb5cde1b9bd421724506910a397066534c5938b2372c2064bf7056a8d96a4d1da1743aef
-
Filesize
40KB
MD5 8de88e8d9f16a4bd681bf4aedd208aa4
SHA1 9a5478d2fd7237f68dbe3fc5456c058ad197be8e
SHA256 2089ad11cc2ee99809a63450611ed878fa5ea582ef7d735ef4d2882bfbc0873e
SHA512 1a937906dbb86bbdf42eb7d79bd28c2fc70dd4c6b10e5841563317414fc94955c06599d812759ab344a237554cbc7b5cbb3ee2bbdba7a7d2425d894990e63fe3
-
Filesize
3KB
MD5 d5fe614c40a2e75e74fdd7aecbc400db
SHA1 2d1d6710964f3253dad143eda303a63750b4157d
SHA256 e8803fb3ee4311276b4f9a6bd7b050fb540969765da15e0d6cd7993ea1b7bd3d
SHA512 c1a3ee1a75a7fe15f15a9e7db10b48570eb5cfccf85909c2ee3aba1b9fba6b50c377a1782d49148182821e8f40bcc84d99a5ea3d5d11e5f9af132b0288e9ab42
-
Filesize
4KB
MD5 8ee2dd478c09b1849ba8a43d72f3982e
SHA1 d56506c99664dfb6042f0c01dcaf74a97d656143
SHA256 c984d2a20376dedd04f11ae1d76dd82f3ae0e1ae75a7b62796d4b33732b07ed1
SHA512 44b34e0ff048a7592f124e7addfae8045591616e3efd1bdcb616341c069bbd04c033d6b3cdef31f991fb960fe662c446d49a12466f7b395c3fc43d380359bf89
-
Filesize
5KB
MD5 269a6974de4f24c645e419845d8d0724
SHA1 a9ce214e6b46d69a2a6ee658c61fb621d8d40da2
SHA256 2e9d4aef672af71b239c82f345b0a13e87b72c47ea2a552e7cdb3d913ee8d0d0
SHA512 15e0e42a356ba47297e392f212e348a0ed5f53a441db8effe465f6bc3d68ac623e7bfd4371c783bdf75595e21ce38bcd508cbabecdb67f527860ec54ccb75ad3
-
Filesize
40KB
MD5 6602dd0c07e4f7b9e2afd805dd6f5db7
SHA1 f62865ab53a187f778f0eb7eab9c8988706f12dd
SHA256 63ff5d141ee8611f8f95e012c8578507b8bae360882c83752c5b503aba2ddaf4
SHA512 20d7e0c8694814f5871891cdcaa1c7819dca2c2dfa98c98ecf4a9df14a8a926e1574c386407370f52cb7295c3b4bfab6ad60951b99963d39efa0a2c061756442