Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
23-12-2024 18:09
Behavioral task
behavioral1
Sample
Injector.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
Injector.exe
Resource
win10v2004-20241007-en
General
-
Target
Injector.exe
-
Size
16.3MB
-
MD5
e0ec4f575f876e515f7f56e372fa1142
-
SHA1
7a7a5a5fa0b2fa8a6a782f9f27344a1db40fb859
-
SHA256
43725dbdc733f409e34f9cd8c2daceb2d1b5c2baa2a5663452166522ff794586
-
SHA512
d03bf3ff1182c1764dc8e912229b0bf202660f29356890777bd36864a96b8509e8c44a2d2b9100041fa591f50f0609d43e8519f61fdcf8517827deacd9f3735f
-
SSDEEP
393216:I9YimSsewq3Obs2CltXMCHWUjurRQ7XbFsn6dEahcyorChF9DA33JX2E:I9YimRewq3ObRqtXMb8urRQ766dhcyo7
Malware Config
Signatures
-
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Injector.exe Injector.exe -
Loads dropped DLL 41 IoCs
pid Process 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe 5028 Injector.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 33 IoCs
flow ioc 24 discord.com 48 discord.com 59 discord.com 63 discord.com 54 discord.com 57 discord.com 61 discord.com 18 discord.com 29 discord.com 38 discord.com 43 discord.com 26 discord.com 47 discord.com 60 discord.com 49 discord.com 50 discord.com 52 discord.com 58 discord.com 19 discord.com 35 discord.com 36 discord.com 37 discord.com 64 discord.com 27 discord.com 40 discord.com 51 discord.com 42 discord.com 53 discord.com 62 discord.com 23 discord.com 30 discord.com 39 discord.com 41 discord.com -
Looks up external IP address via web service 5 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 7 api.ipify.org 9 api.ipify.org 14 api.ipify.org 45 api.ipify.org 55 api.ipify.org -
Enumerates processes with tasklist 1 TTPs 1 IoCs
pid Process 1892 tasklist.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1892 tasklist.exe -
Suspicious use of WriteProcessMemory 6 IoCs
description pid Process procid_target PID 4756 wrote to memory of 5028 4756 Injector.exe 84 PID 4756 wrote to memory of 5028 4756 Injector.exe 84 PID 5028 wrote to memory of 3944 5028 Injector.exe 85 PID 5028 wrote to memory of 3944 5028 Injector.exe 85 PID 3944 wrote to memory of 1892 3944 cmd.exe 87 PID 3944 wrote to memory of 1892 3944 cmd.exe 87
Processes
-
C:\Users\Admin\AppData\Local\Temp\Injector.exe"C:\Users\Admin\AppData\Local\Temp\Injector.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4756 -
C:\Users\Admin\AppData\Local\Temp\Injector.exe"C:\Users\Admin\AppData\Local\Temp\Injector.exe"2⤵
- Drops startup file
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:5028 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "tasklist"3⤵
- Suspicious use of WriteProcessMemory
PID:3944 -
C:\Windows\system32\tasklist.exetasklist4⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
PID:1892
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
12KB
MD540390f2113dc2a9d6cfae7127f6ba329
SHA19c886c33a20b3f76b37aa9b10a6954f3c8981772
SHA2566ba9c910f755885e4d356c798a4dd32d2803ea4cfabb3d56165b3017d0491ae2
SHA512617b963816838d649c212c5021d7d0c58839a85d4d33bbaf72c0ec6ecd98b609080e9e57af06fa558ff302660619be57cc974282826ab9f21ae0d80fbaa831a1
-
Filesize
12KB
MD5899895c0ed6830c4c9a3328cc7df95b6
SHA1c02f14ebda8b631195068266ba20e03210abeabc
SHA25618d568c7be3e04f4e6026d12b09b1fa3fae50ff29ac3deaf861f3c181653e691
SHA5120b4c50e40af92bc9589668e13df417244274f46f5a66e1fc7d1d59bc281969ba319305becea119385f01cc4603439e4b37afa2cf90645425210848a02839e3e7
-
Filesize
14KB
MD5c4c525b081f8a0927091178f5f2ee103
SHA1a1f17b5ea430ade174d02ecc0b3cb79dbf619900
SHA2564d86a90b2e20cde099d6122c49a72bae081f60eb2eea0f76e740be6c41da6749
SHA5127c06e3e6261427bc6e654b2b53518c7eaa5f860a47ae8e80dc3f8f0fed91e122cb2d4632188dc44123fb759749b5425f426cd1153a8f84485ef0491002b26555
-
Filesize
10KB
MD580bb1e0e06acaf03a0b1d4ef30d14be7
SHA1b20cac0d2f3cd803d98a2e8a25fbf65884b0b619
SHA2565d1c2c60c4e571b88f27d4ae7d22494bed57d5ec91939e5716afa3ea7f6871f6
SHA5122a13ab6715b818ad62267ab51e55cd54714aebf21ec9ea61c2aefd56017dc84a6b360d024f8682a2e105582b9c5fe892ecebd2bef8a492279b19ffd84bc83fa5
-
Filesize
11KB
MD519e0abf76b274c12ff624a16713f4999
SHA1a4b370f556b925f7126bf87f70263d1705c3a0db
SHA256d9fda05ae16c5387ab46dc728c6edce6a3d0a9e1abdd7acb8b32fc2a17be6f13
SHA512d03033ea5cf37641fbd802ebeb5019caef33c9a78e01519fea88f87e773dca92c80b74ba80429b530694dad0bfa3f043a7104234c7c961e18d48019d90277c8e
-
Filesize
117KB
MD5862f820c3251e4ca6fc0ac00e4092239
SHA1ef96d84b253041b090c243594f90938e9a487a9a
SHA25636585912e5eaf83ba9fea0631534f690ccdc2d7ba91537166fe53e56c221e153
SHA5122f8a0f11bccc3a8cb99637deeda0158240df0885a230f38bb7f21257c659f05646c6b61e993f87e0877f6ba06b347ddd1fc45d5c44bc4e309ef75ed882b82e4e
-
Filesize
48KB
MD568156f41ae9a04d89bb6625a5cd222d4
SHA13be29d5c53808186eba3a024be377ee6f267c983
SHA25682a2f9ae1e6146ae3cb0f4bc5a62b7227e0384209d9b1aef86bbcc105912f7cd
SHA512f7bf8ad7cd8b450050310952c56f6a20b378a972c822ccc253ef3d7381b56ffb3ca6ce3323bea9872674ed1c02017f78ab31e9eb9927fc6b3cba957c247e5d57
-
Filesize
71KB
MD5142e957ae9fe9dd8514e1781c9a35c2b
SHA166d587f8b3a9f8cf237fc682c6e6d3d0929f1df9
SHA2564c6d6690e91974804c1eaf77827ea63882711689baff0718a246796ff40b2a23
SHA512874a827a6183bfe9898c80c25db4336eb58273a0ec701bc5f497364afe3084d6634bf6db7f9dc02ef593c6a751e678be419e9af050bd51c4bbb89d98f53c5f0b
-
Filesize
83KB
MD5c17dcb7fc227601471a641ec90e6237f
SHA1c93a8c2430e844f40f1d9c880aa74612409ffbb9
SHA25655894b2b98d01f37b9a8cf4daf926d0161ff23c2fb31c56f9dbbac3a61932712
SHA51238851cbd234a51394673a7514110eb43037b4e19d2a6fb79471cc7d01dbcf2695e70df4ba2727c69f1fed56fc7980e3ca37fddff73cc3294a2ea44facdeb0fa9
-
Filesize
175KB
MD55cba92e7c00d09a55f5cbadc8d16cd26
SHA10300c6b62cd9db98562fdd3de32096ab194da4c8
SHA2560e3d149b91fc7dc3367ab94620a5e13af6e419f423b31d4800c381468cb8ad85
SHA5127ab432c8774a10f04ddd061b57d07eba96481b5bb8c663c6ade500d224c6061bc15d17c74da20a7c3cec8bbf6453404d553ebab22d37d67f9b163d7a15cf1ded
-
Filesize
129KB
MD52bd5dabbb35398a506e3406bc01eba26
SHA1af3ab9d8467e25367d03cb7479a3e4324917f8d0
SHA2565c4c489ac052795c27af063c96bc4db5ab250144d4839050cfa9bb3836b87c32
SHA512c07860d86ae0d900e44945da77e3b620005667304c0715985f06000f3d410fffb7e38e1bc84e4e6d24889d46b9dac6bf18861c95b2b09e760012edc5406b3838
-
Filesize
274KB
MD5ad4324e5cc794d626ffccda544a5a833
SHA1ef925e000383b6cad9361430fc38264540d434a5
SHA256040f361f63204b55c17a100c260c7ddfadd00866cc055fbd641b83a6747547d5
SHA5120a002b79418242112600b9246da66a5c04651aecb2e245f0220b2544d7b7df67a20139f45ddf2d4e7759ce8cc3d6b4be7f98b0a221c756449eb1b6d7af602325
-
Filesize
63KB
MD5422e214ca76421e794b99f99a374b077
SHA158b24448ab889948303cdefe28a7c697687b7ebc
SHA25678223aef72777efc93c739f5308a3fc5de28b7d10e6975b8947552a62592772b
SHA51203fcccc5a300cc029bef06c601915fa38604d955995b127b5b121cb55fb81752a8a1eec4b1b263ba12c51538080335dabaef9e2b8259b4bf02af84a680552fa0
-
Filesize
155KB
MD566a9028efd1bb12047dafce391fd6198
SHA1e0b61ce28ea940f1f0d5247d40abe61ae2b91293
SHA256e44dea262a24df69fd9b50b08d09ae6f8b051137ce0834640c977091a6f9fca8
SHA5123c2a4e2539933cbeb1d0b3c8ef14f0563675fd53b6ef487c7a5371dfe2ee1932255f91db598a61aaadacd8dc2fe2486a91f586542c52dfc054b22ad843831d1e
-
Filesize
35KB
MD522d20bd3946419ecf0882315ae1f96de
SHA1f3c07bef75fa372a6905e971ca8350d1e3e48058
SHA2569da721822a592f8c4e9a96ebaa4517c45768d7737582e0e5b933066f453a2e5e
SHA512a3bec1f99240b9e9d823405eecc1c511c46f11c7d844229a0dad7e23edb69df365874c184fe9b2637f12a94132e44acecc3a434810d0ff5c819f8207f1ddde9f
-
Filesize
55KB
MD54df3728d404e0b1607a80b32c6c93bcc
SHA1d6ebd687de4d5fd8037f0775d6ea88b84f6a8287
SHA256c8a0e2c0d7f82cedb839d2c0b827cf139113faa4aba05f2345c80e2cf3335b8a
SHA512f9f51ac1f82e2fa799249336a927a84b0a44055ada0a136e318d9073633c2595445a933fbc74b0b3c16cbad6c253d1df76cad031389d89daf9a789de1526e265
-
Filesize
34KB
MD5955b197c38ea5bd537ce9c7cb2109802
SHA18feffcb11740ddafc4479fc008cc06c6b570a8bc
SHA25673cade82ee139459fe5841e5631274fc9caf7f579418b613f278125435653539
SHA512cab0d8d10fb3bff72d20b287901ccd9be685796142cd2e45e4712cd6f4551dec69180490c2fdfad262c6927a3c7f4fefe68187f64c066731fe17012f78a0ed69
-
Filesize
82KB
MD5abf998769f3cba685e90fa06e0ec8326
SHA1daa66047cf22b6be608127f8824e59b30c9026bf
SHA25662d0493ced6ca33e2fd8141649dd9889c23b2e9afc5fdf56edb4f888c88fb823
SHA51208c6b3573c596a15accf4936533567415198a0daab5b6e9824b820fd1f078233bbc3791fde6971489e70155f7c33c1242b0b0a3a17fe2ec95b9fadae555ed483
-
Filesize
126KB
MD58a8ed31d0a082bcdfb7d5a3249689890
SHA1ff9c7529ed7636fa0cda44d8c9d043c84d8f55f2
SHA256c2161b71db9ce8c518d65e8a36c9ec67cd6d039ff732203b8adbe2c7ea883f6d
SHA512075aa2ccb70041ffc66c5bc672dbf05aac1bf8f1f33f86d2fa2578fe9be3731689686dae6e69d59515028390ba0da1ea452f3bd2d46b9cce3f26106084db074f
-
Filesize
178KB
MD5cf541cc288ac0bec9b682a2e0011d1ff
SHA1ef0dd009fdad14b3f6063619112dcdfafb17186d
SHA256e94f0195363c5c9babfc4c17ec6fb1aa8bbabf59e377db66ce6a79c4c58bbd07
SHA512f97e7fc644356bebe7e3deaa46b7de61118b13af99c9e91d0fbcbe3caea0c941265bcb28fee31a22fc3031c6428517c5202c1425654f3c2cd234979c9e3c04b8
-
Filesize
27KB
MD5b5f2d9353f758e1a60e67dac33debdd2
SHA1edae6378d70b76846329fa609483de89531bcf16
SHA256cde836ef0bde1c15c1c3750de54b50d2285864c512abbfc9e2c94f0ff5aa5ca2
SHA5129d780a8ec760c6bae3b53079c9a0670c7cbf2af6aababda0234ee71c5e0546b501cbe9666d973eaa28fb7fb7285814ecfece98d20cf4a86d3aea9a61a8120397
-
Filesize
39KB
MD5c629ce084fc76ac60b7a77479cb2225c
SHA1fe80955f217162ce9d4910202bbe30f7601d254a
SHA256afad80f9e62a57814779cf3e48352b583c1a0697b11a23cc9db3f4e43f7f8664
SHA5129863767981508f458c61553e5a50b6c5d70956676fee92e15b5ab08b1770ba0f640392fa12feddd6ab1eac5a418f3f8cd057c608e33653a2825ca36edded78b6
-
Filesize
1.3MB
MD518c3f8bf07b4764d340df1d612d28fad
SHA1fc0e09078527c13597c37dbea39551f72bbe9ae8
SHA2566e30043dfa5faf9c31bd8fb71778e8e0701275b620696d29ad274846676b7175
SHA512135b97cd0284424a269c964ed95b06d338814e5e7b2271b065e5eabf56a8af4a213d863dd2a1e93c1425fadb1b20e6c63ffa6e8984156928be4a9a2fbbfd5e93
-
Filesize
292KB
MD550ea156b773e8803f6c1fe712f746cba
SHA12c68212e96605210eddf740291862bdf59398aef
SHA25694edeb66e91774fcae93a05650914e29096259a5c7e871a1f65d461ab5201b47
SHA51201ed2e7177a99e6cb3fbef815321b6fa036ad14a3f93499f2cb5b0dae5b713fd2e6955aa05f6bda11d80e9e0275040005e5b7d616959b28efc62abb43a3238f0
-
Filesize
10KB
MD556fe4f6c7e88212161f49e823ccc989a
SHA116d5cbc5f289ad90aeaa4ff7cb828627ac6d4acf
SHA256002697227449b6d69026d149cfb220ac85d83b13056c8aa6b9dac3fd3b76caa4
SHA5127c9d09cf9503f73e6f03d30e54dbb50606a86d09b37302dd72238880c000ae2b64c99027106ba340753691d67ec77b3c6e5004504269508f566bdb5e13615f1e
-
Filesize
122KB
MD510116447f9276f10664ba85a5614ba3a
SHA1efd761a3e6d14e897d37afb0c7317c797f7ae1d6
SHA256c393098e7803abf08ee8f7381ad7b0f8faffbf66319c05d72823308e898f8cfc
SHA512c04461e52b7fe92d108cbdeb879b7a8553dd552d79c88dfa3f5d0036eed8d4b8c839c0bf2563bc0c796f8280ed2828ca84747cb781d2f26b44214fca2091eae4
-
Filesize
5.0MB
MD5123ad0908c76ccba4789c084f7a6b8d0
SHA186de58289c8200ed8c1fc51d5f00e38e32c1aad5
SHA2564e5d5d20d6d31e72ab341c81e97b89e514326c4c861b48638243bdf0918cfa43
SHA51280fae0533ba9a2f5fa7806e86f0db8b6aab32620dde33b70a3596938b529f3822856de75bddb1b06721f8556ec139d784bc0bb9c8da0d391df2c20a80d33cb04
-
Filesize
38KB
MD50f8e4992ca92baaf54cc0b43aaccce21
SHA1c7300975df267b1d6adcbac0ac93fd7b1ab49bd2
SHA256eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a
SHA5126e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978
-
Filesize
774KB
MD54ff168aaa6a1d68e7957175c8513f3a2
SHA1782f886709febc8c7cebcec4d92c66c4d5dbcf57
SHA2562e4d35b681a172d3298caf7dc670451be7a8ba27c26446efc67470742497a950
SHA512c372b759b8c7817f2cbb78eccc5a42fa80bdd8d549965bd925a97c3eebdce0335fbfec3995430064dead0f4db68ebb0134eb686a0be195630c49f84b468113e3
-
Filesize
197KB
MD503493d1441671abe9339af942253dac3
SHA10d8800be2733bb56fb2909a6f9389c00eb00f612
SHA2563a4830342ab562e41ab93b4bc2dc45fe0ab760815e7c3ec4a7fddc914ec99982
SHA5121b092a9e2e9e64533e7436c239961cee4ffde0fa6fed4c6e0ca2a9f72fc72065d457968dc92e74f4e052cd2557f6d380a86046117b6a450306a16ac6e885a036
-
Filesize
70KB
MD5ad2c4784c3240063eeaa646fd59be62c
SHA15efab563725781ab38a511e3f26e0406d5d46e8d
SHA256c1de4bfe57dc4a5be8c72c865d617dc39dfd8162fcd2ce1fac9f401cf9efb504
SHA512c964d4289206d099310bd5299f71a32c643311e0e8445e35ae3179772136d0ca9b75f5271eaf31efc75c055cd438799cef836ed87797589629b0e9f247424676
-
Filesize
5.8MB
MD53aad23292404a7038eb07ce5a6348256
SHA135cac5479699b28549ebe36c1d064bfb703f0857
SHA25678b1dd211c0e66a0603df48da2c9b67a915ab3258701b9285d3faa255ed8dc25
SHA512f5b6ef04e744d2c98c1ef9402d7a8ce5cda3b008837cf2c37a8b6d0cd1b188ca46585a40b2db7acf019f67e6ced59eff5bc86e1aaf48d3c3b62fecf37f3aec6b
-
Filesize
31KB
MD562fe3761d24b53d98cc9b0cbbd0feb7c
SHA1317344c9edf2fcfa2b9bc248a18f6e6acedafffb
SHA25681f124b01a85882e362a42e94a13c0eff2f4ccd72d461821dc5457a789554413
SHA512a1d3da17937087af4e5980d908ed645d4ea1b5f3ebfab5c572417df064707cae1372b331c7096cc8e2e041db9315172806d3bc4bb425c6bb4d2fa55e00524881
-
Filesize
1KB
MD54ce7501f6608f6ce4011d627979e1ae4
SHA178363672264d9cd3f72d5c1d3665e1657b1a5071
SHA25637fedcffbf73c4eb9f058f47677cb33203a436ff9390e4d38a8e01c9dad28e0b
SHA512a4cdf92725e1d740758da4dd28df5d1131f70cef46946b173fe6956cc0341f019d7c4fecc3c9605f354e1308858721dada825b4c19f59c5ad1ce01ab84c46b24
-
Filesize
1.5MB
MD531a0332fa7a20a91e0ae0ee2e2b3e179
SHA1a26f8e51b200cc222ba8a8cc14df6926a577132a
SHA256afb50a080d3c79d9c89d134b006fb2b0779b5ffeeb703762d163141b15eb03bb
SHA512ebb50a5611b9e82161ab813acdc21d7bcb0b5d98587b67cc82a0fdd18df5a8415406e1a06c1c0a95e9eebff3909d6104756ff73ae965efc49ffff04ec4210e30
-
Filesize
695KB
MD543b8b61debbc6dd93124a00ddd922d8c
SHA15dee63d250ac6233aac7e462eee65c5326224f01
SHA2563f462ee6e7743a87e5791181936539642e3761c55de3de980a125f91fe21f123
SHA512dd4791045cf887e6722feae4442c38e641f19ec994a8eaf7667e9df9ea84378d6d718caf3390f92443f6bbf39840c150121bb6fa896c4badd3f78f1ffe4de19d