Analysis
-
max time kernel
146s -
max time network
152s -
platform
windows7_x64 -
resource
win7 -
submitted
09-07-2020 18:21
General
-
Target
pwininilogs.exe
-
Size
906KB
-
MD5
a6d1fc86bf6a7b4b7eb6a01ed59e8447
-
SHA1
d890abdf1a97d66dfcf4d1567d44c29136bc4d7a
-
SHA256
54121c9dd36d52b71a8fae8703d496f747f65c21c19446087328747ebfe576a5
-
SHA512
b6fd5f306a4a2fdfb9d4a58461b17a819e2d5bfbde6c57645e2a368740d327f65daed977d1f555a7ed00142b100ea44e523d5761dc1097c408b72899578136dc
Score
7/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 9 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Adds Run entry to start application 2 TTPs 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
Processes
-
C:\Users\Admin\AppData\Local\Temp\pwininilogs.exe"C:\Users\Admin\AppData\Local\Temp\pwininilogs.exe"1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
-
C:\Users\Admin\AppData\Local\Temp\pwininilogs.exe"{path}"2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Adds Run entry to start application
- Suspicious behavior: RenamesItself
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
304KB
-
Filesize
304KB
-
Filesize
304KB