Overview

overview

7

Static

static

3

72f91f15d0...9N.exe

windows7-x64

7

72f91f15d0...9N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-11-2024 02:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    72f91f15d084b179ff192777463bce26720372a825e776652d8a8861338e3579N.exe

  • Size

    1.0MB

  • MD5

    8d857c26af93e84597dbbd1f522a6400

  • SHA1

    538bae7497511d6952bff5539043a0f9cc1044d9

  • SHA256

    72f91f15d084b179ff192777463bce26720372a825e776652d8a8861338e3579

  • SHA512

    1f12c8c5b9c6532380805431e826566f1b9a73f59abd7025a38b637b6256003d0433b8420ff90d711640b2dc3452ffabd41ef7584ab38fbb68deab7779d24d8e

  • SSDEEP

    24576:PLi5SnuZLnqZtzMnIyaD5fbYR4nT33mE2x5HtEUVSE7QqETVbK++XF:PLdnBCgJjT3WE2WdvqEg+m

Score
7/10
adwarediscoveryspywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops Chrome extension 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\72f91f15d084b179ff192777463bce26720372a825e776652d8a8861338e3579N.exe
    "C:\Users\Admin\AppData\Local\Temp\72f91f15d084b179ff192777463bce26720372a825e776652d8a8861338e3579N.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1848
    • C:\Users\Admin\AppData\Local\Temp\00294823\41MZirr8sbL.exe
      "C:\Users\Admin\AppData\Local\Temp/00294823/41MZirr8sbL.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops Chrome extension
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies registry class
      • System policy modification
      PID:3820

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\00294823\41MZirr8sbL.dat
    Filesize

    3KB

    MD5

    673585703c1ffece7c9f04b64825d147

    SHA1

    b53b38ba47bbdc591b234887de1786c689ad62fe

    SHA256

    f9437641c5c9cdb95f66e66464bbad67a4fc573f37526fdd39e1df9e3e9b56b5

    SHA512

    56398a854891c56b430ef34efcaaaa291afd5769f6127d795bd7163a049b7f5d45a15e6bb6099ddeda9bf272ac00a4a00b0a24434c851506982d8ee12313cfd7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\41MZirr8sbL.exe
    Filesize

    334KB

    MD5

    8300c91b40229b42301aebc6d8859907

    SHA1

    0b55e56a6add6b4dd4ceff475a0018a203d02a5a

    SHA256

    f54a6814ac06c70ef5b738eca4855e49039783d96b70ba1ae461bd90877e53b5

    SHA512

    0863750da143e1707513f4a2efe1ad6cf81f5a819c7d5496d1629745afffcf72338aa9de90479d5e0936e848f9b260c434fd369027c56be175814086cafd4d8f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\fddbmoldkadjglboooboajpejjlkabbm\background.html
    Filesize

    148B

    MD5

    581c5ea413149abeff43c29d37bb4039

    SHA1

    af692010b3e00d2bd8d425b0e071ac1829f43f0b

    SHA256

    83dc184315a0eb41b2fd3ccae735f6985fddd97e75d8e3bbfe49c6297fdd329b

    SHA512

    66bb61690b6acec8d2aec103271fb03822cf9b38976f73a778d6ed5687ae5e142a7616d09a70f6c71f186fd5c4d9bf3d308ad63fad46bb2e844e9fba02aa930f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\fddbmoldkadjglboooboajpejjlkabbm\content.js
    Filesize

    197B

    MD5

    5f9891607f65f433b0690bae7088b2c1

    SHA1

    b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

    SHA256

    fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

    SHA512

    76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\fddbmoldkadjglboooboajpejjlkabbm\lsdb.js
    Filesize

    559B

    MD5

    209b7ae0b6d8c3f9687c979d03b08089

    SHA1

    6449f8bff917115eef4e7488fae61942a869200f

    SHA256

    e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

    SHA512

    1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\fddbmoldkadjglboooboajpejjlkabbm\manifest.json
    Filesize

    512B

    MD5

    5b7f187e3891f89eee463c39dc3aa66f

    SHA1

    c4dc56a20fd9136bb40958d788dc2280dfe41e50

    SHA256

    215fd976589e539aa4a109245e942296142aff436032c8ac5d51227e0534b0ca

    SHA512

    35e800ff3d833778bbad3ce5d1a55e88400e2a165ac01dff612943cfbed71e9c92fbf407c175384d4dee5b7312c2eb2c1ab299599fbeefeff49dcaaccf4c150f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\fddbmoldkadjglboooboajpejjlkabbm\p_ksDiOTiaV.js
    Filesize

    5KB

    MD5

    326bfedfb308053eb7d299a1eef074f7

    SHA1

    4d703acdd2832fc9c0ada4d78438ce233494a158

    SHA256

    4a5f597a847785e0b0c30c0a2dc7ef67205c52ee18f7b233e4c220601047fcf9

    SHA512

    aa53b4ce5507eda2ef9e841cc2620c7ebaaceac2c6e4e1cce18f72791d3060a851bef74402d144448b32d24bb0d6feadb7ae2ef6f09bfd8bde725bb670251540

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\fddbmoldkadjglboooboajpejjlkabbm\sqlite.js
    Filesize

    1KB

    MD5

    a63b96faa10cf2f3c0d2bc132b9388f5

    SHA1

    87d08fe75d25c7cb34a69848b9e4169812027c15

    SHA256

    8ba7a9afab6f9d939f21344530dc2cb968172c87c8bfe794b148712740fe7eb0

    SHA512

    380c6c77c0fe52fa93053720f63602627e2b8adb9743252269073935c1db731aaf159c3b4e782069d34a36e3836c113cdf68bcf0ca7fdf784a57056236394c76

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\bootstrap.js
    Filesize

    2KB

    MD5

    1b53c596cfb1aa2209446ff64c17dabd

    SHA1

    2542da14728dcdbe1763f1ee39fe9ceae38ad414

    SHA256

    a7dfea4bf7e1d46a8b8e64ccfb2cf35017e3a5b350eead26d6671254d2b3c46f

    SHA512

    be54481675c38ef6a41697cf8cd3ab5a0b126922b192732a9c587dd8905b74b66c79eb0c849f62bbe8934979a894be63734b0ad59ffae295f5797cbfaa327030

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\chrome.manifest
    Filesize

    114B

    MD5

    c68d32c9293d5f2d8a970b12b3112039

    SHA1

    5c9cb8267c67ef30eb37a931d3c5d15fb3345196

    SHA256

    e4b2a80630c631a2a6628b04559f40174237b95782989a37fb809cad85094d42

    SHA512

    733cf3b6a741cf6a4cf0457753925398a73d0683483b3d9b1a4c8a37736c167de243312b36f4de9037c492bab8bd22d1c1d161ce5ccd7207e867774a355df423

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\content\bg.js
    Filesize

    9KB

    MD5

    b9f112937b7bad16a6809f6d68dc1f7a

    SHA1

    2da1265ff3c45f1d7cfb18872e0d3297b3da87b7

    SHA256

    f93058f50dae1595c6f76374963fd383d8af57496612eebf30af7fbc59e3353a

    SHA512

    344a30fee9d8f963bc5bc70e2cf8117a21ccd3589e6191e5cf49c115f4acfa0fe23f79ea066d710e3214f36b8ac23112e5840802c35c8cff680eaa7db24c7079

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\[email protected]\install.rdf
    Filesize

    613B

    MD5

    f80b197c53933c155912eb510a1653e9

    SHA1

    2c36c41c574c2f2bab8913a61996c3bd0276e63a

    SHA256

    66f57b787fbd53134aec15c1321944e48934adace8f5d041da4bec9d68ac0af8

    SHA512

    6ed7cdf03877b503b7978b6bef3c29fe6379365efd81dfaff66484cdccfa20898ce98ca0c1b8f0fbcbdcbcf74345b53cc0b08b3cf9c5ecfca7dc4be1376b355e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\o6utOsx6fm.dll
    Filesize

    258KB

    MD5

    e1d10cccd5dde588af8ee2cb7309523c

    SHA1

    0b9e805077320b0ce1e6620488bd34f1c4d7827e

    SHA256

    9900e517bfd4b39bd7af4bb360af52f6c95ef9b3e7ef36d2633485c58bef9a1a

    SHA512

    a929eaae12f5cb28e224fc31298af2808f995c5a06bc6f47d95879703dbb9369e2e35b4e50a452e91741e6a949336220348dbb3c389c46ea2e0ca41f592dcaa0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\o6utOsx6fm.tlb
    Filesize

    2KB

    MD5

    9156db5f76d48049dbc41fd1b58b3f34

    SHA1

    5eb1df59f9b5b06ab00137fc9e6451e323d3102c

    SHA256

    66fab808188a98ba49d99b723a181aa6626197d50bd2d5e15e076dcbc6fbb2cc

    SHA512

    742a77e71c34632146e16acadb6b381694072c7f4c2dea1df1dfc645ed42673ba153c832d167474dc41f9b608142a8c41b4aecda1efdab90d87d4f5c718bf149

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\00294823\o6utOsx6fm.x64.dll
    Filesize

    319KB

    MD5

    4f5c722b8686afbea6f09c53171d44ca

    SHA1

    184c60aafbb12d1023b1ce2aff4d3708607a75a1

    SHA256

    870c280ea861313edda0bd3950dc738ea68d006f315888d66023b54e5f98f0ea

    SHA512

    e471a86079a16d129ea0c01878af77d1aa132e629832d3f0f3d1f8a3dd250ed41c8d2f37403a10c8061fff07c07dda926ba7ffcc417c6e0100005a0f2721417a

    Download Submit