Overview

overview

10

Static

static

10

1738744083...ed.exe

windows7-x64

10

1738744083...ed.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    05-02-2025 08:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1738744083b545f25dec4f43b54c665120158933d79a07108e8e28f4f5d6ab2ec58cdd6385466.dat-decoded.exe

  • Size

    897KB

  • MD5

    ad6fe420229c7620517e19e643571c17

  • SHA1

    eed9cb9ce763afcd5d96073a5d7b5748c1c4f28e

  • SHA256

    a77aafbb23e8e830c27a832b4cfb7c50d4b2a0bd94c466ed35c94e06f26f6c7d

  • SHA512

    c21fb37ab458f5560ea1eea02bedcc2a57e8441e6b4ef1b363113eff7e97328930603cf43a205fe45841201f6131f43b8f6ee013b86399ecde22c82a4b22c6a3

  • SSDEEP

    24576:4+0Q+i45RyIz+gDymKYESup7qAPJNEOfK+pW1Q4R3fiRT2DHDO4jU5oa/0u7xsQ7:N

Score
10/10
obj3ctivitycollectiondiscoverypersistenceprivilege_escalationspywarestealer

Malware Config

Signatures

  • Detects Obj3ctivity Stage1 1 IoCs

    Obj3ctivity aka PXRECVOWEIWOEI is an infostealer written in C#.

    stealer
  • Obj3ctivity family
    obj3ctivity
  • Obj3ctivity, PXRECVOWEIWOEI

    Obj3ctivity aka PXRECVOWEIWOEI is an infostealer written in C#.

    stealerobj3ctivity
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 2 IoCs

    Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1738744083b545f25dec4f43b54c665120158933d79a07108e8e28f4f5d6ab2ec58cdd6385466.dat-decoded.exe
    "C:\Users\Admin\AppData\Local\Temp\1738744083b545f25dec4f43b54c665120158933d79a07108e8e28f4f5d6ab2ec58cdd6385466.dat-decoded.exe"
    1⤵
    • Accesses Microsoft Outlook profiles
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • outlook_office_path
    • outlook_win_path
    PID:2520
    • C:\Windows\system32\cmd.exe
      "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
      2⤵
      • System Network Configuration Discovery: Wi-Fi Discovery
      • Suspicious use of WriteProcessMemory
      PID:2832
      • C:\Windows\system32\chcp.com
        chcp 65001
        3⤵
          PID:2828
        • C:\Windows\system32\netsh.exe
          netsh wlan show profile
          3⤵
          • Event Triggered Execution: Netsh Helper DLL
          • System Network Configuration Discovery: Wi-Fi Discovery
          PID:2816
        • C:\Windows\system32\findstr.exe
          findstr All
          3⤵
            PID:2604
      • C:\Windows\system32\msiexec.exe
        C:\Windows\system32\msiexec.exe /V
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2648

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2520-0-0x000007FEF53E3000-0x000007FEF53E4000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2520-1-0x00000000010A0000-0x0000000001186000-memory.dmp

        Filesize

        920KB

        Download

      • memory/2520-2-0x000007FEF53E0000-0x000007FEF5DCC000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/2520-32-0x000007FEF53E0000-0x000007FEF5DCC000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/2520-33-0x000007FEF53E0000-0x000007FEF5DCC000-memory.dmp

        Filesize

        9.9MB

        Download