Analysis
-
max time kernel
119s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
21-11-2024 09:08
General
-
Target
10d02651b6c50749154e5ae91986d131ddc5938500a962603671a5db78900349.exe
-
Size
2.6MB
-
MD5
5f366f7e7dd7329c581da9c15bd4aaa1
-
SHA1
76717369a15a09c4375fd2a45aa1e45469f1720e
-
SHA256
10d02651b6c50749154e5ae91986d131ddc5938500a962603671a5db78900349
-
SHA512
188b7173d8c53a28ee1261cbb28ca47bdd143c39eaa4af68294d1ce4dcbaf586b8abb2c70592bf1c8bb51158502562acf3da3dd8e79e5d9e43e2948071955fa8
-
SSDEEP
49152:sxX7665YxRVplZzSKntlGIiT+HvRdpcAHSjpjK3LB4B/bSm:sxX7QnxrloE5dpUp7b/
Malware Config
Signatures
-
Drops startup file 1 IoCs
-
Executes dropped EXE 2 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\10d02651b6c50749154e5ae91986d131ddc5938500a962603671a5db78900349.exe"C:\Users\Admin\AppData\Local\Temp\10d02651b6c50749154e5ae91986d131ddc5938500a962603671a5db78900349.exe"1⤵
- Drops startup file
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\locdevdob.exe"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\locdevdob.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Intelproc2H\adobec.exeC:\Intelproc2H\adobec.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.6MB
MD52428c64d534302b1ef49f7322c890a4f
SHA15ed0a7ff892031946b9c6c10cd400d4fb0d675b1
SHA256c13e16a0cd46cd30c8b698b4c0dad509ddf71a86be6b310876c9800409cd23a3
SHA512451e9cac0c7f785c764619c92cccab81538cde1bfe3bdbf60c66529126f5198cfae8910413fc6a7b3dd87c004c3a2967820184f2d3ac43299dc74ed69a71ef7f
-
Filesize
32KB
MD5b49076433c0bf84919c9872909ac9b4c
SHA162ccebdcdf26aab3095a02caf388459acba54554
SHA256047965653df12ad8344f021b1f08bcf8f2c1d61ab509d61b8d166ad7b0aabb99
SHA51213bf6e46756787aacb11302c4300040db7eb4fcb38e7f33accfd48dab2ec6ed3056a5caf7212b585485fd71396d534800f9bef245d814f3af4489df0ab3f07e7
-
Filesize
2.6MB
MD565fbb0a131cf2f4386a469d7010477a5
SHA114b4252d6a78eda7b6fe797021a2f41633c1503f
SHA2564dd6e26ecdec5c850ad07347172ba99b5cd6c7bb81b472e9818ca2acf8300f72
SHA512f7c8df6a9c2303f5c04e311b5c8b035b62fd6a06e4f81f356ff15cea8b58e55fabe8dab9391da70ce26405ba1344474a74385d71fa62d60a921b1e48b43bf1b9
-
Filesize
205B
MD5f63ba82502f87439e4abdde23e43abde
SHA18bd253332b1e085edce6d22da372aec616184a39
SHA256101d18bce3635b45e4b7247d829f01b7eaa901fa9c3696bc7d43ef5177ab3922
SHA512a554a6e3554194e0c373bb01d683c4c3ec1cff23b48f155c15193b9a0724f88410e74f74cd84e43e1ba58929a1b0be8a733217f147f6be6808dffcf032b737d5
-
Filesize
173B
MD5e450a2dcf83a31d94ee2990106daeecb
SHA141a0b318b955262689696ea96dcf1a96a684133c
SHA25673b5ba9920c58b310c063b125559034af7e2ba3a747ac201c4c3ca32be8837fc
SHA5128687d3f57e07a19eab01f98529c1ae8da5fdeb90eaaad5e9bd9f5de7a5058ef940c77488a497c0258d926b0d934ef5dba70d9530a705bba76c622a57766a6393
-
Filesize
2.6MB
MD5d49127cf2c04b3f2274493e81c1a177a
SHA1d53eec9e739c627be13d3608f9f88c0722db9123
SHA2565b24e1a797e80ffcdd6a41c9f9cb6d59d1cd339dc47036463e975035b5576417
SHA51216007fb338dc8e4398598a31cd6e4f1ddd5a0daffa7d554f466b517ba05c8a27f00333161734c0bbe28162ae157b2aa50e0216d32486803d57de7b418a04ef90