Analysis

  • max time kernel
    53s
  • max time network
    57s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    01-07-2020 16:08

General

  • Target

    d5c5b23355fd928c660358f5ca0ae439.exe

  • Size

    312KB

  • MD5

    d5c5b23355fd928c660358f5ca0ae439

  • SHA1

    87508a996eac3dae3ce463c7de2c3ee3b4812cc2

  • SHA256

    178cf2e50182606e000719ee8b7caa9c620950155542d10de6dd7eb5a2a34d01

  • SHA512

    e18bf114428037b3df3a62c76fdec73d2790c27e4ebc0beca8bda69e65c544aed7606917b21ac85af07a18575f3da4a3941695f517176668ba1dee1e368da430

Score
7/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Checks for installed software on the system 1 TTPs 30 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d5c5b23355fd928c660358f5ca0ae439.exe
    "C:\Users\Admin\AppData\Local\Temp\d5c5b23355fd928c660358f5ca0ae439.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Checks for installed software on the system
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    PID:832

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads