ba160d4beb7afd708071afae7cbdd753e15b43f4472050b0ea1820f54c39c2c2

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2024 17:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup_32x_64x.exe
Size

785KB
MD5

fa388cb487e6a30efc90df8d6a54b430
SHA1

3707474e14ba8df589682edf4e6a1cf020ce9862
SHA256

17f6a6c407112e236586d078a77bef0947bdae149bf8c6e025bd9d0c479f0e3f
SHA512

92bee7c92a451cb1ad06a8ca1f634a7c8d4aeb340fb70129d337b8ea3797df73bdf45bcf49fc38d36a80f034a62ce25029bf639199cb3815499ac9e7c2e81c29
SSDEEP

12288:oU2JEwzrwsblKWWG6YDsLViPaPr5RpGJ/zs87GSu:cqGrwsbNnDsLViCPrISIu

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup_32x_64x.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup_32x_64x.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Setup_32x_64x.exe

C:\Users\Admin\AppData\Local\Temp\Setup_32x_64x.exe
"C:\Users\Admin\AppData\Local\Temp\Setup_32x_64x.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
PID:2428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\MWnPQMXmZjMx\CmnEOSNOScj.zip

Filesize
51KB

MD5
9d66672998f4c1f0d805c49fb8e54439

SHA1
7b8b557a85ba266129d73a3737d7cf7ccc4f45da

SHA256
b2450c134a3a70fb9af50f8913241a33cb052e4410d5d72d8c585838b3d36a5a

SHA512
b10cb0072f73378368e4105a07aa30903f151814e855026fa157bacc729abb5fddee14e021edcbdd698acd258e6eb8ff7e1397401cf99475a32e4e8c971eee95

Download Submit
C:\Users\Admin\AppData\Local\Temp\MWnPQMXmZjMx\_Files\_Information.txt

Filesize
3KB

MD5
7504b4f93215857d83381c649b490bdb

SHA1
26bcbb69a2bb180bf6fe1a0a27d5baf1b9920769

SHA256
001cdaef171487b5ee2185e2a27b137077959cc72c0c3cafd50d14e336957be3

SHA512
872e812ca08478d800b8ad6fa5f21e080908b67bf236a331566e24c596aa3cfa498e2edf7d6a089a0d7880863006be54743815dcc16423b61909837cae4eeb8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\MWnPQMXmZjMx\_Files\_Information.txt

Filesize
3KB

MD5
2aaf510921da7b9face39a4aa57c07f4

SHA1
3df8b570ec0ce7f002461714918dba702b26c0a5

SHA256
dc277e27b64786e008a8a6311bc71652f51c6206000a6228ff6aab1c5d4b16a4

SHA512
804d522353e3a1f297d328c4547e148ece29d9ab5475d7f1c055784acf9ca417909fd9e7f57a41891c8a0434a1a1de70895008f093688c072d9ee88cbb8f86cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\MWnPQMXmZjMx\_Files\_Information.txt

Filesize
5KB

MD5
2b3448e1d1464ac5e2023c4a4b2096d7

SHA1
9cdd471be4f0ca81dadf6e10f0c6252d46533cce

SHA256
169ee29313af245d2975711d42caeabb2985c493c723970489038dca61304701

SHA512
6c1350970ae1bb339a456da60cdb7c8805a7bf4581b59d3a7a179392a49635677bce3ff5b9efdcbaaa6f95ad741c7f65dfb7c006be4ac72d11287726634ad85d

Download Submit
C:\Users\Admin\AppData\Local\Temp\MWnPQMXmZjMx\_Files\_Screen_Desktop.jpeg

Filesize
56KB

MD5
caaa0c6ee53b36cb705dacf6a155c944

SHA1
39e421d0c44ed6a783c169e948ef89c1c43279ea

SHA256
c6b9bfdc168f2fa8515a7e49549a98aac833b679d24289700dcdd9816ad7f037

SHA512
66b37946b7b44bab614e7f9ed6fd2f625f1d684d08dc6d6e1a67048f54ea615d7b419d7c2f103d4deb7a4582e4c619edbe1ac37fe07c8ce055cb7e04e694fcd5

Download Submit
memory/2428-0-0x0000000000400000-0x00000000004EB000-memory.dmp

Filesize
940KB

Download
memory/2428-1-0x000000000045B000-0x000000000045D000-memory.dmp

Filesize
8KB

Download
memory/2428-2-0x0000000000400000-0x00000000004EB000-memory.dmp

Filesize
940KB

Download
memory/2428-116-0x000000000045B000-0x000000000045D000-memory.dmp

Filesize
8KB

Download