Overview

overview

10

Static

static

10

a77aafbb23...7d.exe

windows7-x64

10

a77aafbb23...7d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-02-2025 07:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a77aafbb23e8e830c27a832b4cfb7c50d4b2a0bd94c466ed35c94e06f26f6c7d.exe

  • Size

    897KB

  • MD5

    ad6fe420229c7620517e19e643571c17

  • SHA1

    eed9cb9ce763afcd5d96073a5d7b5748c1c4f28e

  • SHA256

    a77aafbb23e8e830c27a832b4cfb7c50d4b2a0bd94c466ed35c94e06f26f6c7d

  • SHA512

    c21fb37ab458f5560ea1eea02bedcc2a57e8441e6b4ef1b363113eff7e97328930603cf43a205fe45841201f6131f43b8f6ee013b86399ecde22c82a4b22c6a3

  • SSDEEP

    24576:4+0Q+i45RyIz+gDymKYESup7qAPJNEOfK+pW1Q4R3fiRT2DHDO4jU5oa/0u7xsQ7:N

Score
10/10
obj3ctivitycollectiondiscoverypersistenceprivilege_escalationspywarestealer

Malware Config

Signatures

  • Detects Obj3ctivity Stage1 1 IoCs

    Obj3ctivity aka PXRECVOWEIWOEI is an infostealer written in C#.

    stealer
  • Obj3ctivity family
    obj3ctivity
  • Obj3ctivity, PXRECVOWEIWOEI

    Obj3ctivity aka PXRECVOWEIWOEI is an infostealer written in C#.

    stealerobj3ctivity
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

    Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

    persistenceprivilege_escalation
  • System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 2 IoCs

    Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a77aafbb23e8e830c27a832b4cfb7c50d4b2a0bd94c466ed35c94e06f26f6c7d.exe
    "C:\Users\Admin\AppData\Local\Temp\a77aafbb23e8e830c27a832b4cfb7c50d4b2a0bd94c466ed35c94e06f26f6c7d.exe"
    1⤵
    • Accesses Microsoft Outlook profiles
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • outlook_office_path
    • outlook_win_path
    PID:972
    • C:\Windows\SYSTEM32\cmd.exe
      "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
      2⤵
      • System Network Configuration Discovery: Wi-Fi Discovery
      • Suspicious use of WriteProcessMemory
      PID:536
      • C:\Windows\system32\chcp.com
        chcp 65001
        3⤵
          PID:4136
        • C:\Windows\system32\netsh.exe
          netsh wlan show profile
          3⤵
          • Event Triggered Execution: Netsh Helper DLL
          • System Network Configuration Discovery: Wi-Fi Discovery
          PID:5116
        • C:\Windows\system32\findstr.exe
          findstr All
          3⤵
            PID:2988
      • C:\Windows\system32\msiexec.exe
        C:\Windows\system32\msiexec.exe /V
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2192

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/972-1-0x00000000007B0000-0x0000000000896000-memory.dmp

        Filesize

        920KB

        Download

      • memory/972-0-0x00007FFD1EDE3000-0x00007FFD1EDE5000-memory.dmp

        Filesize

        8KB

        Download

      • memory/972-2-0x00007FFD1EDE0000-0x00007FFD1F8A1000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/972-3-0x00000000029D0000-0x00000000029E2000-memory.dmp

        Filesize

        72KB

        Download

      • memory/972-4-0x000000001BE20000-0x000000001BFE2000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/972-34-0x000000001B9D0000-0x000000001BA46000-memory.dmp

        Filesize

        472KB

        Download

      • memory/972-56-0x00007FFD1EDE3000-0x00007FFD1EDE5000-memory.dmp

        Filesize

        8KB

        Download

      • memory/972-57-0x00007FFD1EDE0000-0x00007FFD1F8A1000-memory.dmp

        Filesize

        10.8MB

        Download

      • memory/972-58-0x000000001D050000-0x000000001D578000-memory.dmp

        Filesize

        5.2MB

        Download

      • memory/972-60-0x00007FFD1EDE0000-0x00007FFD1F8A1000-memory.dmp

        Filesize

        10.8MB

        Download