Analysis
-
max time kernel
92s -
max time network
140s -
platform
windows10_x64 -
resource
win10 -
submitted
08-07-2020 06:53
General
-
Target
po.exe
-
Size
271KB
-
MD5
8f50e31ef203d266764b6f1f7f9bb955
-
SHA1
d9a2664b307a36e12c83b9174ac42c2fc28e5f73
-
SHA256
fe853873f403fbfa348d5d8439e86fd98e6b70253a5bf85be85f3b9092a3ef14
-
SHA512
3f436a58571c5820073de8dd1e6d03a95b5608eb3c1ca8b97562dda4123dd7037c2609f694acd9ec3d1c7338671d39be11bf907b3694f411cab4adc5b719d7eb
Score
7/10
Malware Config
Signatures
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Adds Run entry to start application 2 TTPs 1 IoCs
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\po.exe"C:\Users\Admin\AppData\Local\Temp\po.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Adds Run entry to start application
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses