Analysis
  max time kernel: 101s
  max time network: 113s
  platform: windows10-ltsc 2021_x64
  resource: win10ltsc2021-20250113-en
  resource tags: arch:x64, arch:x86, image:win10ltsc2021-20250113-en, locale:en-us, os:windows10-ltsc 2021-x64, system
  submitted: 19/01/2025, 12:11
General
  Target: Driver3.0.exe
  Size: 7.7MB
  MD5: 5e39a415380d4b09d92f20632aecf450
  SHA1: cd19874bd1bc6b141614fa30ed5a80ec6915e235
  SHA256: 451a9144749655514c6cb9b2a5f798228e43ba7be372cbefd1bc6d00d0cb206c
  SHA512: eb2a9c904a68d84e8fd33cfde908f2b88bf5b89524a4edebf99420c2640bc16953a65ba1b158a375d190295a8b8491748fcb8ee1b9c2ea6ab27b2a6628e9b0f0
  SSDEEP: 196608:71IVOr/Bg9iZl3BqVPpAgyc2acnhcPQwjQwX746KFduGv:71IVOr/BXtBqVPpAs2auc4Ff5dl
Malware Config
Signatures
- Loads dropped DLL (18 IoCs)
    pid   Process
    3796  Driver3.0.exe   (18 identical entries)
- Reads user/profile data of web browsers (3 TTPs)
  Infostealers often target stored browser data, which can include saved credentials and similar secrets.
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
    flow  ioc
    1     discord.com
    2     discord.com
- System Location Discovery: System Language Discovery (1 TTPs, 2 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
    description  ioc                                                           Process
    Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  Driver3.0.exe
    Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  Driver3.0.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
    description                       pid   Process        procid_target
    PID 4668 wrote to memory of 3796  4668  Driver3.0.exe  83
    PID 4668 wrote to memory of 3796  4668  Driver3.0.exe  83
    PID 4668 wrote to memory of 3796  4668  Driver3.0.exe  83
Processes
  1. C:\Users\Admin\AppData\Local\Temp\Driver3.0.exe  "C:\Users\Admin\AppData\Local\Temp\Driver3.0.exe"  (PID: 4668)
     - System Location Discovery: System Language Discovery
     - Suspicious use of WriteProcessMemory
     2. C:\Users\Admin\AppData\Local\Temp\Driver3.0.exe  "C:\Users\Admin\AppData\Local\Temp\Driver3.0.exe"  (PID: 3796)
        - Loads dropped DLL
        - System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Downloads