Malware Analysis Report

2025-08-10 19:52

Sample ID: 250703-gmf2xsvns2
Target: 193ca4c819db1e0d63ecfe3efee5156f5b58d195c3af1cc7eb0159cb6dcae41e
SHA256: 193ca4c819db1e0d63ecfe3efee5156f5b58d195c3af1cc7eb0159cb6dcae41e
Tags: discovery spyware stealer upx
Score: 7/10


Analysis Overview

Score: 7/10

SHA256: 193ca4c819db1e0d63ecfe3efee5156f5b58d195c3af1cc7eb0159cb6dcae41e

Threat Level: Shows suspicious behavior

The file 193ca4c819db1e0d63ecfe3efee5156f5b58d195c3af1cc7eb0159cb6dcae41e was classified as showing suspicious behavior.

Malicious Activity Summary

discovery spyware stealer upx

Reads user/profile data of web browsers

UPX packed file

System Location Discovery: System Language Discovery

Unsigned PE

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

MITRE ATT&CK (Enterprise Matrix V16)

Analysis: static1

Detonation Overview

Reported

2025-07-03 05:55

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-07-03 05:55

Reported

2025-07-03 05:57

Platform

win10v2004-20250619-en

Max time kernel

118s

Max time network

142s

Command Line

"C:\Users\Admin\AppData\Local\Temp\193ca4c819db1e0d63ecfe3efee5156f5b58d195c3af1cc7eb0159cb6dcae41e.exe"

Signatures

Reads user/profile data of web browsers (tags: spyware stealer)

UPX packed file (tags: upx)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

System Location Discovery: System Language Discovery (tags: discovery)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\193ca4c819db1e0d63ecfe3efee5156f5b58d195c3af1cc7eb0159cb6dcae41e.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\193ca4c819db1e0d63ecfe3efee5156f5b58d195c3af1cc7eb0159cb6dcae41e.exe

"C:\Users\Admin\AppData\Local\Temp\193ca4c819db1e0d63ecfe3efee5156f5b58d195c3af1cc7eb0159cb6dcae41e.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 150.171.27.10:443 | tse1.mm.bing.net | tcp
US | 8.8.8.8:53 | c.pki.goog | udp
GB | 142.250.179.227:80 | c.pki.goog | tcp

Files

memory/3316-2-0x0000000010000000-0x00000000100BC000-memory.dmp

memory/3316-0-0x0000000010000000-0x00000000100BC000-memory.dmp

memory/3316-4-0x0000000010000000-0x00000000100BC000-memory.dmp

memory/3316-3-0x0000000010000000-0x00000000100BC000-memory.dmp

memory/3316-6-0x0000000010000000-0x00000000100BC000-memory.dmp

memory/3316-7-0x0000000010000000-0x00000000100BC000-memory.dmp

memory/3316-16-0x0000000010000000-0x00000000100BC000-memory.dmp

memory/3316-25-0x0000000010000000-0x00000000100BC000-memory.dmp

memory/3316-26-0x0000000010000000-0x00000000100BC000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2025-07-03 05:55

Reported

2025-07-03 05:57

Platform

win11-20250610-en

Max time kernel

68s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\193ca4c819db1e0d63ecfe3efee5156f5b58d195c3af1cc7eb0159cb6dcae41e.exe"

Signatures

Reads user/profile data of web browsers (tags: spyware stealer)

UPX packed file (tags: upx)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

System Location Discovery: System Language Discovery (tags: discovery)

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\193ca4c819db1e0d63ecfe3efee5156f5b58d195c3af1cc7eb0159cb6dcae41e.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\193ca4c819db1e0d63ecfe3efee5156f5b58d195c3af1cc7eb0159cb6dcae41e.exe

"C:\Users\Admin\AppData\Local\Temp\193ca4c819db1e0d63ecfe3efee5156f5b58d195c3af1cc7eb0159cb6dcae41e.exe"

Network

Files

memory/4808-0-0x0000000010000000-0x00000000100BC000-memory.dmp

memory/4808-4-0x0000000010000000-0x00000000100BC000-memory.dmp

memory/4808-2-0x0000000010000000-0x00000000100BC000-memory.dmp

memory/4808-3-0x0000000010000000-0x00000000100BC000-memory.dmp

memory/4808-6-0x0000000010000000-0x00000000100BC000-memory.dmp

memory/4808-7-0x0000000010000000-0x00000000100BC000-memory.dmp

memory/4808-16-0x0000000010000000-0x00000000100BC000-memory.dmp

memory/4808-25-0x0000000010000000-0x00000000100BC000-memory.dmp

memory/4808-26-0x0000000010000000-0x00000000100BC000-memory.dmp