Overview

overview

10

Static

static

3

4363463463...63.exe

windows7-x64

10

4363463463...63.exe

windows10-2004-x64

8

New Text D...od.exe

windows7-x64

10

New Text D...od.exe

windows10-2004-x64

8

New Text D...od.exe

windows7-x64

8

New Text D...od.exe

windows10-2004-x64

8

Resubmissions

14-02-2025 01:10

250214-bjsnnayne1 10

14-02-2025 01:00

250214-bc5pmsymhw 10

13-02-2025 05:01

250213-fnkwtstpgw 10

13-02-2025 04:24

250213-e1kk6atmaz 10

13-02-2025 04:08

250213-eqe8patkgx 8

12-02-2025 23:56

250212-3yzt3azrdx 10

12-02-2025 23:44

250212-3rgd5szmbm 10

12-02-2025 23:19

250212-3a9dlazkep 10

12-02-2025 13:32

250212-qs211ssrfr 10

Analysis

  • max time kernel
    240s
  • max time network
    244s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    12-02-2025 13:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    New Text Document mod.exe

  • Size

    8KB

  • MD5

    69994ff2f00eeca9335ccd502198e05b

  • SHA1

    b13a15a5bea65b711b835ce8eccd2a699a99cead

  • SHA256

    2e2e035ece4accdee838ecaacdc263fa526939597954d18d1320d73c8bf810c2

  • SHA512

    ced53147894ed2dfc980bcb50767d9734ba8021f85842a53bb4bb4c502d51b4e9884f5f74c4dd2b70b53cafbe2441376675f7bd0f19bb20a3becb091a34fb9f3

  • SSDEEP

    96:y7ov9wc1dN1Unh3EHJ40CUJCrQt0LpCBIW12nEtgpH9GIkQYQoBNw9fnmK5iLjTv:yZyTFJfCB20LsBIW12n/eIkQ2BNg5S1

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

  • Downloads MZ/PE file 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in Program Files directory 42 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\New Text Document mod.exe
    "C:\Users\Admin\AppData\Local\Temp\New Text Document mod.exe"
    1⤵
    • Downloads MZ/PE file
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1628
    • C:\Users\Admin\AppData\Local\Temp\a\extension_dropper.exe
      "C:\Users\Admin\AppData\Local\Temp\a\extension_dropper.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:1944

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\WEBVIE~1\XEBXF6~1.ZIP
    Filesize

    840KB

    MD5

    9c60fbd4a1b10aa8307dcea3e5953710

    SHA1

    2c4d485267af959fadcc544022049366cf136760

    SHA256

    261a4df76a8b4214340ec6142b5cbf5760dcd7a3d3da698fce55ffbdd791267b

    SHA512

    ec54c6df3923c8e8b94e890fbb9c766215adce84cb6af6cdd3249a508719c5b9148b1b09c4b8dc9ebbb4f2f3232c30ef54eec6b4bd9532200cd24ac0bba2bf97

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDB63.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarDBB4.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\a\extension_dropper.exe
    Filesize

    1.1MB

    MD5

    b4c1cb38678259fbbce4f5a1fbb3043a

    SHA1

    25af8f1e94b1e7a1a2c63af74c4040dddf80db55

    SHA256

    021c69f25f7cfeef0cd36094039940b1bdef3c98b9ee1937cdde8f1d4628ed4c

    SHA512

    5c440f7c5abe5163e730af786536ec0c00fb78ac69ebca560d8dadb5d78517bf02ae04e2b7949b0073dbd138683ea665d917aed9bfa9761c7e235061861d90e4

    Download Submit

  • memory/1628-0-0x000007FEF5A63000-0x000007FEF5A64000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1628-1-0x00000000008C0000-0x00000000008C8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1628-2-0x000007FEF5A60000-0x000007FEF644C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1628-3-0x000007FEF5A63000-0x000007FEF5A64000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1628-4-0x000007FEF5A60000-0x000007FEF644C000-memory.dmp

    Filesize

    9.9MB

    Download