Overview

overview

10

Static

static

10

1736928426...ed.exe

windows7-x64

10

1736928426...ed.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    96s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-01-2025 08:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    17369284269327933f4ce2d9485e98192cffc35d127e85bf0db77dc37ba595305760e31611471.dat-decoded.exe

  • Size

    895KB

  • MD5

    2ae0772ccbb6ba5fdbd9c2e8369d0f02

  • SHA1

    16ecc3070e5a4347d8bee0d5fed8f99c57769efc

  • SHA256

    3af1eea1320c617f8607630704e19422a743eac1b6fb5e941ccb3e88f320610b

  • SHA512

    ff12e0c7dbbc25ccfbbd3a4f2d0665d2ed826b0ac8695307c523f9e748b29031dafa38c1fae64b3f847b81c27a40a5ab94d7c663cc741d9047094b8ea02c95c6

  • SSDEEP

    24576:2Bf3DbcnrLRjnFVBSU8IjCBuYouaWiKe6MC8EimkXctAzBktNVwqk8zGZsHgPuPK:PfhXG

Score
10/10
obj3ctivitycollectiondiscoverypersistenceprivilege_escalationspywarestealer

Malware Config

Signatures

  • Detects Obj3ctivity Stage1 1 IoCs

    Obj3ctivity aka PXRECVOWEIWOEI is an infostealer written in C#.

    stealer
  • Obj3ctivity family
    obj3ctivity
  • Obj3ctivity, PXRECVOWEIWOEI

    Obj3ctivity aka PXRECVOWEIWOEI is an infostealer written in C#.

    stealerobj3ctivity
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 2 IoCs

    Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\17369284269327933f4ce2d9485e98192cffc35d127e85bf0db77dc37ba595305760e31611471.dat-decoded.exe
    "C:\Users\Admin\AppData\Local\Temp\17369284269327933f4ce2d9485e98192cffc35d127e85bf0db77dc37ba595305760e31611471.dat-decoded.exe"
    1⤵
    • Accesses Microsoft Outlook profiles
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • outlook_office_path
    • outlook_win_path
    PID:2748
    • C:\Windows\SYSTEM32\cmd.exe
      "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
      2⤵
      • System Network Configuration Discovery: Wi-Fi Discovery
      • Suspicious use of WriteProcessMemory
      PID:2484
      • C:\Windows\system32\chcp.com
        chcp 65001
        3⤵
          PID:2436
        • C:\Windows\system32\netsh.exe
          netsh wlan show profile
          3⤵
          • Event Triggered Execution: Netsh Helper DLL
          • System Network Configuration Discovery: Wi-Fi Discovery
          PID:2372
        • C:\Windows\system32\findstr.exe
          findstr All
          3⤵
            PID:2932
      • C:\Windows\system32\msiexec.exe
        C:\Windows\system32\msiexec.exe /V
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2144

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2748-0-0x00007FF9D5903000-0x00007FF9D5905000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2748-1-0x00000000002E0000-0x00000000003C6000-memory.dmp

        Filesize

        920KB

        Download

      • memory/2748-2-0x00007FF9D5900000-0x00007FF9D63C1000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/2748-3-0x000000001AFF0000-0x000000001B002000-memory.dmp

        Filesize

        72KB

        Download

      • memory/2748-4-0x000000001B820000-0x000000001B9E2000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/2748-34-0x000000001C330000-0x000000001C3A6000-memory.dmp

        Filesize

        472KB

        Download

      • memory/2748-56-0x00007FF9D5903000-0x00007FF9D5905000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2748-57-0x00007FF9D5900000-0x00007FF9D63C1000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/2748-58-0x000000001DBA0000-0x000000001E0C8000-memory.dmp

        Filesize

        5.2MB

        Download

      • memory/2748-60-0x00007FF9D5900000-0x00007FF9D63C1000-memory.dmp

        Filesize

        10.8MB

        Download