Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/03/2025, 07:23

General

  • Target

    de739e39b443896784ac47a54e6ff177aa1a0276972f8fcefefd89096feb324d.exe

  • Size

    274KB

  • MD5

    212e21699f779492a3d7258caae09adb

  • SHA1

    1a0ce654cfa010cc8fa134a7b51fa9cfe1a81f37

  • SHA256

    de739e39b443896784ac47a54e6ff177aa1a0276972f8fcefefd89096feb324d

  • SHA512

    53458096654ec266d5ca03d960d1a9178ea136d33db5d11fcd45aeafacd8613cc71214784a3c5a3fc064c2e6c521f5d0f5e570b5fc4fd94a3613cf33facb14fb

  • SSDEEP

    3072:pT59B82ObyQfpUdzd0v4HCmE2uiUSHSzNyS46sNDQgD3h6cAufDlCx8ieI/KQ73o:t5962fQebXCFD43WGRQkD05xq

Malware Config

Signatures

  • 44Caliber

    An open source infostealer written in C#.

  • 44Caliber family
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Looks up external IP address via web service 2 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\de739e39b443896784ac47a54e6ff177aa1a0276972f8fcefefd89096feb324d.exe
    "C:\Users\Admin\AppData\Local\Temp\de739e39b443896784ac47a54e6ff177aa1a0276972f8fcefefd89096feb324d.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1868

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\44\Process.txt

    Filesize

    444B

    MD5

    24e98cbf862e5214397440c3020a203f

    SHA1

    0926aff5f617ac19c326a59c98bada02ebe372e4

    SHA256

    c4a20099186fcfaee97484d0f0057eae05d1f725ef5316ceb03482eebb5b2603

    SHA512

    d02514960406b242fcfcb70e8049f407f90c99c5d58d4a324fc2531e61c746ef086ef3096d4b6d0aadefc762cb6ae501676b888a35d6b05074d49b864d55b721

  • memory/1868-0-0x000007FEF5493000-0x000007FEF5494000-memory.dmp

    Filesize

    4KB

  • memory/1868-1-0x00000000009C0000-0x0000000000A0A000-memory.dmp

    Filesize

    296KB

  • memory/1868-14-0x000007FEF5490000-0x000007FEF5E7C000-memory.dmp

    Filesize

    9.9MB

  • memory/1868-49-0x000007FEF5490000-0x000007FEF5E7C000-memory.dmp

    Filesize

    9.9MB