Analysis

  • max time kernel
    134s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7v200430
  • submitted
    07-07-2020 06:24

General

  • Target

    b1843967b94d29f088ec35143ad94e6e.exe

  • Size

    412KB

  • MD5

    b1843967b94d29f088ec35143ad94e6e

  • SHA1

    013aa99862c45afe518018a4ca5d8b230f94d0da

  • SHA256

    12d8decff8e6285f7bf32161258817d35ebf684c9db5acb26aa79dd6c6e96960

  • SHA512

    1c3a083b48cc8329cee05aa3ac24aadee65e21626f965623fee8fc7779ecdaaeb7096cb7744712a3fccb4a1c9e6231c7b61fd0541e4eb4131a33d1cf14f09ad5

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Checks for installed software on the system 1 TTPs 30 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Info-stealers commonly harvest stored browser profile data, which can include saved credentials, cookies and autofill entries.

Processes

  • C:\Users\Admin\AppData\Local\Temp\b1843967b94d29f088ec35143ad94e6e.exe
    "C:\Users\Admin\AppData\Local\Temp\b1843967b94d29f088ec35143ad94e6e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious behavior: EnumeratesProcesses
    • Checks for installed software on the system
    PID:1400

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files, T1081 (1)
  • Discovery: Query Registry, T1012 (1)
  • Collection: Data from Local System, T1005 (1)
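The signatures above and their ATT&CK mapping describe behaviour seen in the sandbox API trace, not something a reader can re-check from the report alone. The following is an added example (not part of the report or the sandbox's own signature engine) that turns those five signatures into rules over a sandbox-style API trace and rolls matches up per PID into signatures, technique IDs and IoC strings. The trace format (`pid`, `api`, `arg` fields) and the sample events are constructed here; the paths and PID reuse the values from this report, and the signature-to-technique mapping follows the report's matrix but is an assumption about which signature produced which technique.

```python
"""Re-derive this report's behaviour signatures from a constructed API trace."""
import re
from collections import defaultdict

# Browser credential/cookie stores ("Reads user/profile data of web browsers").
# Chromium-family: <Browser>\User Data\<Profile>\{Login Data,Cookies,Web Data}
# Firefox:         Profiles\<profile>\{logins.json,key4.db,cookies.sqlite}
BROWSER_STORES = re.compile(
    r"\\(Google\\Chrome|Chromium|Microsoft\\Edge)\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$"
    r"|\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$",
    re.IGNORECASE,
)
# Uninstall key enumerated to list installed software ("Checks for installed software").
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall", re.IGNORECASE)
# A DLL loaded from the user's Temp directory ("Loads dropped DLL").
DROPPED_DLL = re.compile(r"\\AppData\\Local\\Temp\\.*\.dll$", re.IGNORECASE)
# APIs used to walk the process list ("Suspicious behavior: EnumeratesProcesses").
PROCESS_ENUM_APIS = {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW",
                     "NtQuerySystemInformation"}
FILE_OPEN_APIS = {"CreateFileW", "CreateFileA", "NtCreateFile", "NtOpenFile"}

# Assumed mapping from report signature to the ATT&CK v6 IDs in the report's matrix.
SIGNATURE_TO_ATTACK = {
    "Reads user/profile data of web browsers": {"T1081", "T1005"},
    "Checks for installed software on the system": {"T1012"},
}

# Constructed sandbox-style API trace; PID and paths mirror this report.
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\b1843967b94d29f088ec35143ad94e6e.exe"
SAMPLE_EVENTS = [
    {"pid": 1400, "api": "AdjustTokenPrivileges", "arg": "SeDebugPrivilege"},
    {"pid": 1400, "api": "LoadLibraryW",
     "arg": r"C:\Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\NativePRo.dll"},
    {"pid": 1400, "api": "CreateToolhelp32Snapshot", "arg": "TH32CS_SNAPPROCESS"},
    {"pid": 1400, "api": "RegOpenKeyExW",
     "arg": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 1400, "api": "CreateFileW",
     "arg": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    # Benign noise from another process: system DLL load, ordinary file open.
    {"pid": 3000, "api": "LoadLibraryW", "arg": r"C:\Windows\System32\kernel32.dll"},
    {"pid": 3000, "api": "CreateFileW", "arg": r"C:\Users\Admin\Documents\notes.txt"},
]


def classify_event(ev):
    """Return the set of report signatures that a single trace event satisfies."""
    api = ev.get("api", "")
    arg = ev.get("arg", "")
    hits = set()
    if api.startswith("LoadLibrary") and DROPPED_DLL.search(arg):
        hits.add("Loads dropped DLL")
    if api == "AdjustTokenPrivileges":
        hits.add("Suspicious use of AdjustPrivilegeToken")
    if api in PROCESS_ENUM_APIS:
        hits.add("Suspicious behavior: EnumeratesProcesses")
    if api.startswith("Reg") and UNINSTALL_KEY.search(arg):
        hits.add("Checks for installed software on the system")
    if api in FILE_OPEN_APIS and BROWSER_STORES.search(arg):
        hits.add("Reads user/profile data of web browsers")
    return hits


def analyze(events):
    """Roll per-event hits up per PID: signatures, ATT&CK IDs and the IoC strings seen."""
    per_pid = defaultdict(lambda: {"signatures": set(), "techniques": set(), "iocs": set()})
    for ev in events:
        hits = classify_event(ev)
        if not hits:
            continue
        rec = per_pid[ev["pid"]]
        rec["signatures"] |= hits
        rec["iocs"].add(ev.get("arg", ""))
        for sig in hits:
            rec["techniques"] |= SIGNATURE_TO_ATTACK.get(sig, set())
    return dict(per_pid)


if __name__ == "__main__":
    for pid, rec in analyze(SAMPLE_EVENTS).items():
        print(f"PID {pid}: techniques={sorted(rec['techniques'])}")
        for sig in sorted(rec["signatures"]):
            print(f"  - {sig}")
        for ioc in sorted(rec["iocs"]):
            print(f"    IoC: {ioc}")
```

Run as-is, only PID 1400 is reported, with all five signatures and the three technique IDs from the matrix; the two events from PID 3000 match nothing, which is the check that a Temp-directory DLL load and a browser-store open are what separate the sample from ordinary file activity. The rule bodies are the point: each is the concrete condition that the one-line signature name in the report stands for.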

Downloads

  • \Users\Admin\AppData\Local\Temp\Runtime.MSIL.1.0.0.0\NativePRo.dll