Overview

overview

8

Static

static

3

IDM6.42һ�...20.exe

windows7-x64

8

IDM6.42һ�...20.exe

windows10-2004-x64

8

IDM6.42һ�...ek.exe

windows7-x64

4

IDM6.42һ�...ek.exe

windows10-2004-x64

4

IDM6.42һ�....7.exe

windows7-x64

8

IDM6.42һ�....7.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
  • submitted
    08-11-2024 18:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    IDM6.42һü/жع/geek.exe

  • Size

    6.7MB

  • MD5

    ef78997488e6121971404a3f25686fee

  • SHA1

    53a260990106e5271cb525f87be008e299beaa85

  • SHA256

    d96df1051e62aa40baefd51235be45f8038745582a5d3428b63123fd2ced60db

  • SHA512

    8a021950ae41a76659cacdba57d4a090b839dc9a39866b1ca3b6efc533d2542cdb40dbf5004c58d1793329a60126052d7372b0b3d4e9165cfa48938f0e77e573

  • SSDEEP

    98304:jo2mCHer41qIJVUR0LRn2ufOFL//bHAKYmg77UQ1mfa/ews4VOp9mD:U4wIY0LRnHfq37g7oQcfa/ewsWOpsD

Score
4/10
discoveryspywarestealer

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Windows directory 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\IDM6.42һü\жع\geek.exe
    "C:\Users\Admin\AppData\Local\Temp\IDM6.42һü\жع\geek.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2416
    • C:\Users\Admin\AppData\Local\Temp\geek64.exe
      C:\Users\Admin\AppData\Local\Temp\geek64.exe
      2⤵
      • Drops file in Windows directory
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1732

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\geek64.exe
    Filesize

    3.7MB

    MD5

    c84a3c776bf83d55f901288db3b8b8a0

    SHA1

    515df2a9fb35beef25d070b688d692646f0a1c8f

    SHA256

    b8d968872fe7ed8de7eeb89ff6e1ce2029521f7c744c088ae2c4807b396d28ae

    SHA512

    e471e4ffa1511b5239474577eda92ccb98918eb1633284af20ed80a3cd8366dc4b3ecbe2482b9325e6c543b1acf07731973290265b0ac3c94ea6c436b12e9064

    Download Submit