Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    09-07-2020 05:09

General

  • Target

    16015107.jpg.exe

  • Size

    293KB

  • MD5

    2d3786bea3b04ecb9f2031f9b7cc858b

  • SHA1

    1edf8c2b9ed788b57ab1601419fc8b99b7caa1c1

  • SHA256

    2293a7d41f1e0868e0ce28fc1379d3ad9ed5e58cdbb84f152e6218da02c9ca8c

  • SHA512

    a529e1c61c3aed33057f1bf7364c07457603d7b776512b76834ccd74adfde93459b277e574634a6faafcf196d0b5f2c1e625fdbb2d88bf6284623b087fcfd5f4

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    eilaheinonen@yandex.com
  • Password:
    550fsjftg@-=)

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\16015107.jpg.exe
    "C:\Users\Admin\AppData\Local\Temp\16015107.jpg.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious behavior: EnumeratesProcesses
    PID:992

Network

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

3
T1081

Collection

Data from Local System

3
T1005

Replay Monitor

Loading Replay Monitor...

Downloads