Analysis
-
max time kernel
143s -
max time network
139s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
08-07-2020 07:16
Static task
static1
windows7_x64
0 signatures
0 seconds
windows10_x64
0 signatures
0 seconds
General
-
Target
-
Size
274KB
-
MD5
49e12ea6bf08675717560b3d95b7ceba
-
SHA1
c88150ee6a37128dd12e0a5649a0c0ce675fe74e
-
SHA256
1690586a19f9ad9444e773c217ba6c1c57c77cff5ed0535dec7618526ad23dac
-
SHA512
00995544624f59978cb9f4614fa9124552f5b53be0543ca4e54b53e782339ef0ccdd15e22ce1890f114a38bd04af57b11741ed2cf806d329c474914d38556533
Score
7/10
Malware Config
Signatures
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
description pid process Token: SeDebugPrivilege 3656 [email protected] -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
pid process 3656 [email protected] 3656 [email protected] -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
Processes
-
C:\Users\Admin\AppData\Local\Temp\[email protected]"C:\Users\Admin\AppData\Local\Temp\[email protected]"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
PID:3656