Overview

overview

10

Static

static

10

67a62cb441...ba.exe

windows7-x64

10

67a62cb441...ba.exe

windows10-2004-x64

10

67c679ac1d...4d.exe

windows7-x64

10

67c679ac1d...4d.exe

windows10-2004-x64

10

67e080e7fb...78.exe

windows7-x64

10

67e080e7fb...78.exe

windows10-2004-x64

10

67e78da23e...0e.exe

windows7-x64

8

67e78da23e...0e.exe

windows10-2004-x64

8

67e9ff3c0b...3e.exe

windows7-x64

7

67e9ff3c0b...3e.exe

windows10-2004-x64

7

682b4b814e...27.exe

windows7-x64

10

682b4b814e...27.exe

windows10-2004-x64

10

68461a12fa...a4.exe

windows7-x64

10

68461a12fa...a4.exe

windows10-2004-x64

10

68921d96c9...34.exe

windows7-x64

10

68921d96c9...34.exe

windows10-2004-x64

10

68aaab301e...db.exe

windows7-x64

10

68aaab301e...db.exe

windows10-2004-x64

10

68b8408aa7...2b.exe

windows7-x64

7

68b8408aa7...2b.exe

windows10-2004-x64

7

68e912a390...88.exe

windows7-x64

10

68e912a390...88.exe

windows10-2004-x64

10

68fef6943e...6c.exe

windows7-x64

10

68fef6943e...6c.exe

windows10-2004-x64

10

691fe746ab...24.exe

windows7-x64

8

691fe746ab...24.exe

windows10-2004-x64

8

692a24fa9e...4b.exe

windows7-x64

10

692a24fa9e...4b.exe

windows10-2004-x64

10

69319ee860...9e.exe

windows7-x64

7

69319ee860...9e.exe

windows10-2004-x64

7

6947cb60fe...09.exe

windows7-x64

1

6947cb60fe...09.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22/03/2025, 06:12 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    67e78da23e09ae504200e107f8bd9c60081203120fd9f7abb56696c552dc520e.exe

  • Size

    3.4MB

  • MD5

    465dbd72a357767abad74e20eb2c1d96

  • SHA1

    b76518e1ee07d968e3888371fd58327b9593c7f0

  • SHA256

    67e78da23e09ae504200e107f8bd9c60081203120fd9f7abb56696c552dc520e

  • SHA512

    f6622aabec3290ca2bf483f8a07e930179bb5dbd4aeeb8f9b96debe543885fef8d4b7ad8cdc8ccab0231e7f50c68bc42dd301b9ba0007bcd2dee5b21878da246

  • SSDEEP

    98304:ZRS6nfSOQZOt+CW+7EELhF3gxpNOf2k2Y/HK/:Zkj8NBFwxpNOuk2MK/

Score
8/10
defense_evasionexecutionspywarestealer

Malware Config

Signatures

  • Stops running service(s) 4 TTPs
    defense_evasionexecution
  • Deletes itself 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Launches sc.exe 2 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\67e78da23e09ae504200e107f8bd9c60081203120fd9f7abb56696c552dc520e.exe
    "C:\Users\Admin\AppData\Local\Temp\67e78da23e09ae504200e107f8bd9c60081203120fd9f7abb56696c552dc520e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Users\Admin\AppData\Local\Temp\dIyH2nICBtu.exe
      "C:\Users\Admin\AppData\Local\Temp\dIyH2nICBtu.exe" QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxUZW1wXDY3ZTc4ZGEyM2UwOWFlNTA0MjAwZTEwN2Y4YmQ5YzYwMDgxMjAzMTIwZmQ5ZjdhYmI1NjY5NmM1NTJkYzUyMGUuZXhl
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2740
      • C:\Windows\system32\cmd.exe
        "cmd.exe" /C sc stop "SysMain" & sc config "SysMain" start=disabled
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:776
        • C:\Windows\system32\sc.exe
          sc stop "SysMain"
          4⤵
          • Launches sc.exe
          PID:3036
        • C:\Windows\system32\sc.exe
          sc config "SysMain" start=disabled
          4⤵
          • Launches sc.exe
          PID:2184

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\dIyH2nICBtu.exe
    Filesize

    3.6MB

    MD5

    87f78d6685a40f4deccb151f51c9cfc3

    SHA1

    74ab423343b5cdf122f1b32a9e41f02a3387ab9c

    SHA256

    d7705b34dd36c77ccbb97f66f10aac93d9f486131369442d00f419b759690ac6

    SHA512

    6256f666e71a6cf5deec26b89e290b3511a7e6226e283fbfeb89891a58de67222709f64b8fbc307300fdcac9440d529b3333d65c015328a6098c99611f891fb5

    Download Submit

  • memory/2080-6-0x0000000000670000-0x0000000000674000-memory.dmp

    Filesize

    16KB

    Download

  • memory/2080-9-0x00000000006A0000-0x00000000006A6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2080-3-0x0000000000640000-0x0000000000670000-memory.dmp

    Filesize

    192KB

    Download

  • memory/2080-4-0x000007FEF5780000-0x000007FEF616C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2080-5-0x000000001D380000-0x000000001D7B8000-memory.dmp

    Filesize

    4.2MB

    Download

  • memory/2080-0-0x000007FEF5783000-0x000007FEF5784000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2080-7-0x0000000000690000-0x0000000000696000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2080-22-0x000007FEF5780000-0x000007FEF616C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2080-1-0x000000013F3A0000-0x000000013F6C4000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2080-10-0x00000000008D0000-0x0000000000902000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2080-2-0x000000001C470000-0x000000001C760000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2080-11-0x0000000000980000-0x0000000000984000-memory.dmp

    Filesize

    16KB

    Download

  • memory/2080-8-0x0000000002690000-0x000000000272C000-memory.dmp

    Filesize

    624KB

    Download

  • memory/2740-20-0x000000013F9E0000-0x000000013FD04000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/2740-21-0x000007FEF5780000-0x000007FEF616C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2740-23-0x000007FEF5780000-0x000007FEF616C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2740-24-0x00000000008D0000-0x0000000000902000-memory.dmp

    Filesize

    200KB

    Download

  • memory/2740-25-0x000000001B550000-0x000000001B5C2000-memory.dmp

    Filesize

    456KB

    Download

  • memory/2740-26-0x00000000007B0000-0x00000000007B6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2740-28-0x00000000008C0000-0x00000000008CA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2740-27-0x00000000008C0000-0x00000000008CA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2740-30-0x000007FEF5780000-0x000007FEF616C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2740-31-0x00000000008C0000-0x00000000008CA000-memory.dmp

    Filesize

    40KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.