Analysis

  • max time kernel
    15s
  • max time network
    24s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240729-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    07-12-2024 19:02

General

  • Target

    40b6755a3666ffe5ef76de7bf56064dbe4034d90ec0ce762b173c7db2ca64999.exe

  • Size

    145KB

  • MD5

    5de05a7718e617eb0556a44bee7d10b3

  • SHA1

    89e382bb8bf399d5184f4f2d2688551176404108

  • SHA256

    40b6755a3666ffe5ef76de7bf56064dbe4034d90ec0ce762b173c7db2ca64999

  • SHA512

    f77174bb59c337ec05de875942d29a634eced589fbde1be3ddf64a058f5e0681ec52819ba2c5ccab38a47c6fb9bb32d8a80d95718a8b1fb784e430de51f8bd8c

  • SSDEEP

    1536:qzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xD+9eKvnVVIOjaav162DgWLKXIGB:ZqJogYkcSNm9V7DeeELLaav1n1W4sT

Malware Config

Signatures

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops desktop.ini file(s) 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\40b6755a3666ffe5ef76de7bf56064dbe4034d90ec0ce762b173c7db2ca64999.exe
    "C:\Users\Admin\AppData\Local\Temp\40b6755a3666ffe5ef76de7bf56064dbe4034d90ec0ce762b173c7db2ca64999.exe"
    1⤵
    • Drops desktop.ini file(s)
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2704

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini

    Filesize

    129B

    MD5

    d638dcf8893495dddb929f6a06da339f

    SHA1

    11ef1ffc1ff9a67ff5e75b993a1141aa6d605a12

    SHA256

    b9e0b9ce684833c72baa48304338f60df16137cb4f16a5d9dcfc83e3bf024e73

    SHA512

    d76c0f7d657599dd08187bbe05db776cff7aab9da2d9e38fbf610983914282369a54b10d6787ec1f5b2f0bd37b585e97474cc2f24191b036d90a6eac99a4cdaf

  • C:\VRD1mHoUi.README.txt

    Filesize

    422B

    MD5

    5ef6decac957aab1a25f02d1a55815ec

    SHA1

    21818e093bd179b29b7134cd01b931f0210e9558

    SHA256

    f9d96a4001e6844fd843e264472baf2318154c76e154e4b7a6131f67787d2335

    SHA512

    59037b3f85316a4836d22a525ec9f1273ac3aff5f9d9b864ba4ca2207a4c51cddd0486efad2efaf994302d487133d2849c01f8ccbce0ca8ff89bd236a8a5cbee

  • F:\$RECYCLE.BIN\S-1-5-21-2703099537-420551529-3771253338-1000\DDDDDDDDDDD

    Filesize

    129B

    MD5

    e6d766b07a2bd3a539b6c40ab51edea9

    SHA1

    0a0b12be2a091e7c4bc28e19c7fac749d3a53f40

    SHA256

    efbcda3fbdd2a3a15f9d5caaab6f998e5ee60ea557a9631822d1e5479848bd54

    SHA512

    dac08572e49078f92f6bd47b130651d1a2d866c625419f43331270ce34b29401ed3e4cc569f8ed57ab928d44c7c315345fa4a555122780c91075f885b7d03e2f

  • memory/2704-0-0x0000000000DC0000-0x0000000000E00000-memory.dmp

    Filesize

    256KB