Overview

overview

8

Static

static

7

40a7858ba2...8c.exe

windows7-x64

8

40a7858ba2...8c.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    117s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21-11-2024 06:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    40a7858ba2e8585a3e80572ada513fbc5dfc822d2d2846172574a7547ef8e48c.exe

  • Size

    1.3MB

  • MD5

    6ba9bf7ec218b9a52b53472e9e3a1b4b

  • SHA1

    f89db2595d58d437ce4b91075cfbbdb622e571a7

  • SHA256

    40a7858ba2e8585a3e80572ada513fbc5dfc822d2d2846172574a7547ef8e48c

  • SHA512

    7f3cf6bb5163e5128cead2030c4fbbd79e7bd54d9ebad25dcc7f645e97c74952c336e3f34dc6ae72dc04f158a0b3693d6aa7a46fb871f84cd52081db6f7e44fb

  • SSDEEP

    24576:Qak/7Nk4RZPQUKZu0zoFmDcpii9iGn+66rLfJIgtEqPILWz8oDqE:Qak/BQJZu+k0WdEacJRIo+E

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\40a7858ba2e8585a3e80572ada513fbc5dfc822d2d2846172574a7547ef8e48c.exe
    "C:\Users\Admin\AppData\Local\Temp\40a7858ba2e8585a3e80572ada513fbc5dfc822d2d2846172574a7547ef8e48c.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2228
    • C:\Users\Admin\AppData\Local\Temp\40a7858ba2e8585a3e80572ada513fbc5dfc822d2d2846172574a7547ef8e48c.exe
      "C:\Users\Admin\AppData\Local\Temp\40a7858ba2e8585a3e80572ada513fbc5dfc822d2d2846172574a7547ef8e48c.exe" Master
      2⤵
      • Drops file in Drivers directory
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2792
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.178stu.com/my.htm
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2612
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2612 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:576

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    66b8fab4b6ed83572cfd18af7b18c085

    SHA1

    659b59c4a589d64163ac9df158a588bb41bd7070

    SHA256

    f4e94622e33aaeb1fe7e23039cd3702928f08fe90572767629b439d1511a01e5

    SHA512

    2127c33b395e9283a4b2ee92f4db4ef60452e90563caac0b0c2aa5be2349f4391999f496ab1bfced968f117325189429c8881592b95806b27c36a18a0e656999

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6ef3d5be918b0a06e3995fdab151152c

    SHA1

    e5ae286f3f3953ec3ceef05677990230f10ce9c3

    SHA256

    4154377f0c8b8f4b536976921e2d9af49654c5b7eda192049e9be1c7d956d4be

    SHA512

    a3d7d01534e0376bb540bcd1d819694418e99e209154cd4bbe4d881912e187a98ba1b4dd306832112c1c70096e64ecea68541e26fb7154c294514538eefe28ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    da2e269182ab35e5bbfa739f74a15733

    SHA1

    c5650e4b88ed6ec81767f45839892546852b4455

    SHA256

    67fa24a9edd0b8a3189e783cbf556b6366ec9d86c479967d631acf991346d615

    SHA512

    adf798644fb5b53afbc6006a468bc29a23ae8cef3d12ac14c8e653f575ddf4465ab16f189ddcd3ca3282abad267092d4a9a2e70dcc8fe642e6a7fa5baef4a7b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    27de1af8209ca2c48f3fe2aa8c4ae98b

    SHA1

    a9bfb1f65b90a7e408943c6f0e9051af177b39c4

    SHA256

    d9cf2def94463306938b95eb1dfec23317cc1aad4cf57159a6ec8b10338f475a

    SHA512

    1e42f9178ca583800f5f3a73ecd078b004769720f3b13aad6b6ce8efe1e1226cfa6db002b21b61d294f79bd5bc0a2a78e9e245f3644f916838b2c5fdb584fd25

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eedadff36ecd923f9031b906bfe623a0

    SHA1

    cf9630fa5b4226744bb5f246e4da1fc372ac8012

    SHA256

    0c6fe5ea399f06f23c024e2ac51e55539abedc972cb9bed36c434954c53a6988

    SHA512

    8d6606992ad61bdabb7c66d67cfec584c43ef119dced03d91767d6c1c291ac86caf333ec027310af8ad423666391d46fdf46b7e4376923c903dcd031ef1089cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7da8e31ea39926647017ca34ccd6311f

    SHA1

    4733239a001748fb1758be9debc89cd8f36e39e0

    SHA256

    555c996b1d647f40ec07554c3f8209c124111be256120f2eddfaf76630791581

    SHA512

    17ddfce29a53c925c0e754869eea03a3034c3cc7bd3381cbc804b3bb0e05aac738ab4be2551ffcdf75b2d0035de6a03ecbda270db2b3fae826e2ada5dd1321ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ce8c46a005880dd1c1b8a4d6a546c571

    SHA1

    29b222d77e064cd17af40c561bd6381f9da4cdcf

    SHA256

    baaa94747e4cd69c939d3aa37fcb98a0e6e5ca62590f75989f16cfe90ff6c786

    SHA512

    c03c916da89ed24d36709e8dfda402ee27c25968f5e80f2e5271918e1f00a0315082eeb5b58c7d73f74d3fb0b35186fe257fa4d2b5209f736b7a0e150d7b8c00

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    16d20b31096c98d1fefad19954ec7f89

    SHA1

    4273dc20fcf1517b3c538f1894df8bc80c8b11c6

    SHA256

    e9c568ec44b69d255d1464206761543b7dd3e542fb32ee6b1578327f973a94d0

    SHA512

    d7a27af9b196f2a252b7ac5181300129849e8929b817bb8c503b275c16b6e7073cdd5633e7924e13763d644f3af6e894d2bf2d3e7c1df10fc8f19a2454b589fb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a3171d0df8278311cbb58d5d7516a97e

    SHA1

    c208e88ea4b70fd2407e8f8840828c00d955d751

    SHA256

    3d05bd6b54672b3fdf6bef07b18fab9f60e15eddef0add7411b14629777b2a81

    SHA512

    bec0e63a350dbccbc3216ba1169636592ed1839a3a4e408611c0cce4dfedb836483fde996ba6f0a8a3c85e82fef6afa1bb0d37c34d8bb27086bc80778cf42586

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4d3559722946371bcad89a6c63e7c91b

    SHA1

    7b005e112fec9f7a2f8a9773dab23d550ad74e14

    SHA256

    b636478d73a3b5d2912b7a9605c97c2e29a19bdb12978d3d68993daffd2b8e26

    SHA512

    5d516efeb3f0d0d89cb38895b977b5719397094b22304481e2cadb2deae68270be00fe0a6fea69360bd93edae47b1a05f9722029117464e55bbe72a31cbecb3b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    796411c8af137e7ab74872c6deab4daa

    SHA1

    6aa6c0ce0c6d5c5b0cb5d91e2d3793ad91ebafc6

    SHA256

    108abc0fa1eb2e40acb9f01b954bc5057c686203a95432d7c3d13401fe65f727

    SHA512

    470766786e86bf649ce95ec0cc8af27ba92f48ca02ee8184125cb388e35f13de2b316e0ab418b0995f98c965db8e921f4b4afb0f1d3e14b8eded6850325f4c39

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e80aed6404e81a8c780f1647d223e1fb

    SHA1

    f231585ed9684938f9bb448d37768116e573132b

    SHA256

    839d52468904ab76586b72b2c2b3962966f12bafa6fc1928262b75a9d3e9adf1

    SHA512

    479f252cf09a48533a24269f3808a22f200861d92635ed5c15be384509f4aaddfbda4454d6ca9fbeb87647fc875a840db6e41b2cefdea69515c63818eefdcc1f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a9d179b064cfcd944f924b32abec352d

    SHA1

    ca18a37b68b793c93e6e569c7efb62f5d90a77e9

    SHA256

    a3b1e606633c5ba10d04693b755887bfa0203e61e20097d53d448348c0c2ea8e

    SHA512

    78a8e576d48db3c8abf6247fc4fdae00ee1a2cc704f0dead0e58f03d31fa15c3e5fb073de0831d76ede25be610933bc53d1fd31e61d68ca119bb504a4e58cf99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    82bd0c9fef39b4a84314e18d682d9407

    SHA1

    9c719f16bddc14daf48184faed81fb14bd20d4ed

    SHA256

    7b1ef3fa9b2627a9a10b9e3864f8b0c9912b62b3267784045722723118fd42e4

    SHA512

    f6ee65f68e013aaf7421fc1fce3c3b75994eb91a47c9a3aefc71b55de3710211232de1653c6b87f18823029195078f79ea3e81b16d3c2737525dc4886df4c711

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b05ba9c0b1cee37a0a5747e9e516ba2

    SHA1

    8556ecbcc38ffed4b4534e8a106dd195041d273f

    SHA256

    c14d11a270d86aa651a3afc763cb79730f3bb0d6c039c7738b732e812b01f05a

    SHA512

    22e1402ae5a76f1c41251548b9b6ff04efb5ec93e3577865b2e793241c58839ca516012da78fc2f152bd14e8c3990fcf0fe9d81053e7b96154ecdba948595cb6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0457a5809e3e4aeb5540798e64cc342a

    SHA1

    a0e13eecb182bad2c1eac7861d106e37128a6612

    SHA256

    0a39579e06809f5e206bd2bb293c0eef3d81c387ed86aa4ea1069ba4e9c8b666

    SHA512

    6215357753a0b87adf7c955ddda7cc53c231a498ccab61f4b96c12782b656c1b7c5d2d13a2ae17bd7608a09a9d25a55ed56b66685d713e95c9cdd7d2f3c8ec36

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28fdf4e6de26ef9c5139f2fd0e8c7b33

    SHA1

    fb9aed4f9609baa61c504e1e3dafa0839dc0f93c

    SHA256

    343ca30485f2a95f038767d3bf3d800b83f4bbf4ea6439c8f7ea98d23d5358b3

    SHA512

    7d6f17175b4e211e94a431c6ad56c227e838587946ccd127f85bcd8154304331cde026d19b2daa3aaeb354d47f6b3cf154196a0033c89ea9b3303e8b735119e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2be9fbde477b8bf46e293659aeea7d15

    SHA1

    5b3815a44b5ca2701e4952cad620d9240de386af

    SHA256

    57fe32be498ec85f33a41e93293d389146d2215409b07e84dbc7bc3163d66927

    SHA512

    3e55f8ef565a9c578104fffda4c063058399fde23c1d09f934b82c297ca1a61a15fd47e02f963800aeb9d328664e0553af831c6c1d10b44ad1d42dfeb138d811

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1c1c9673f9d2108807d44a8f024662c9

    SHA1

    ee7c8c2bf3f3e1a9eb02c5ee849137fcc65fbfbb

    SHA256

    e2dea9da920c8c92a9ea955a761afb706fb3cf79293992cae46759134cf1890a

    SHA512

    691462a00674a1f41ac564c086466346036ab82383c94387f369ff0ebfe8270ee638032d8854479f4d464f21ff890316139ef68aac319b9374f1b3e0c7e67cd3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabEA91.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarEB01.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2228-2-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2228-0-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2228-4-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2228-7-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2228-1-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2228-5-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2228-3-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2792-11-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2792-9-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2792-13-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2792-8-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2792-12-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2792-10-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2792-21-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2792-16-0x0000000000400000-0x00000000006A6000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2792-17-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download