Analysis

  • max time kernel
    35s
  • max time network
    36s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07-12-2024 19:02

General

  • Target

    40b6755a3666ffe5ef76de7bf56064dbe4034d90ec0ce762b173c7db2ca64999.exe

  • Size

    145KB

  • MD5

    5de05a7718e617eb0556a44bee7d10b3

  • SHA1

    89e382bb8bf399d5184f4f2d2688551176404108

  • SHA256

    40b6755a3666ffe5ef76de7bf56064dbe4034d90ec0ce762b173c7db2ca64999

  • SHA512

    f77174bb59c337ec05de875942d29a634eced589fbde1be3ddf64a058f5e0681ec52819ba2c5ccab38a47c6fb9bb32d8a80d95718a8b1fb784e430de51f8bd8c

  • SSDEEP

    1536:qzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xD+9eKvnVVIOjaav162DgWLKXIGB:ZqJogYkcSNm9V7DeeELLaav1n1W4sT

Malware Config

Signatures

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops desktop.ini file(s) 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\40b6755a3666ffe5ef76de7bf56064dbe4034d90ec0ce762b173c7db2ca64999.exe
    "C:\Users\Admin\AppData\Local\Temp\40b6755a3666ffe5ef76de7bf56064dbe4034d90ec0ce762b173c7db2ca64999.exe"
    • Drops desktop.ini file(s)
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1984

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\IIIIIIIIIII

    Filesize

    129B

    MD5

    2e64d50a24fd78217aa58e12d21bfeca

    SHA1

    4537fe4752d75d86754b03f7245f18ddb8c1148a

    SHA256

    4ca216f3dae21207a46bee03804f980fdf3d89aaf49dffb09fa5d9e2baf9b802

    SHA512

    d3d9566992a5252487b8bdd0c08613e9cb97a6330ccab17d601ce0888b0f357c30e3bef39951114faea4538b4e19bad4dc717775d02d67e74ec11deea3fd4d2f

  • C:\VRD1mHoUi.README.txt

    Filesize

    422B

    MD5

    79dc303ad4667424fd40f5123d83df25

    SHA1

    02160f04b79df9cf4e1fe99a1b30c3df53a1a548

    SHA256

    a4e8204f3ff9e0a307c092c848b657b9be501ec7f4f3c832cd7d9ef1d1abab0b

    SHA512

    d77b831c78dd3d2bf1efbe24b0e695e92453e05eca5c3a800fa0c2eccdab32369671e6822ab9c6c9e349f7b02026fcdcf8311eac76572471ea83d16013bd690b

  • F:\$RECYCLE.BIN\S-1-5-21-3227495264-2217614367-4027411560-1000\DDDDDDDDDDD

    Filesize

    129B

    MD5

    26fc5f866de89d8c0c930db4c99958f2

    SHA1

    4b09676ecbf97ca3368b179b091c833d2c90631a

    SHA256

    bdc6f793d96f0a8bce3e5ab3049f6416c58061d292a88a8d815daee4a8fce631

    SHA512

    9530fa118708006db86aaaa24921f11c730e55828f4a259798bccb0910261ca6583cac2285ddddeb66248d8d4b3c0570dd6215a6ff71d9fda5e207e73d367d1d

  • memory/1984-1-0x0000000002FB0000-0x0000000002FC0000-memory.dmp

    Filesize

    64KB

  • memory/1984-0-0x0000000002FB0000-0x0000000002FC0000-memory.dmp

    Filesize

    64KB

  • memory/1984-2-0x0000000002FB0000-0x0000000002FC0000-memory.dmp

    Filesize

    64KB

  • memory/1984-2958-0x0000000002FB0000-0x0000000002FC0000-memory.dmp

    Filesize

    64KB