Analysis
-
max time kernel
129s -
max time network
85s -
platform
windows10_x64 -
resource
win10v200430 -
submitted
10-07-2020 07:40
General
-
Target
TIN1-2007100001-AWB.JPG.exe
-
Size
590KB
-
MD5
d7dfb7d9efc85b906a72b2000f925061
-
SHA1
cfc684a0eacb1f49ff7473524337a8a6600760c0
-
SHA256
dc67ad0f1d9092eca89d3b0efc15e17b3490f9e90e99c5df611322053ce4c709
-
SHA512
3ed669655e28e9e1b6a57e99ebfdbaf608677047c102e7d509c9bdf09f975e8f96cc1a3b569afdf28bc0bdbebba3454fb9bfb312e02d5f62e3db65b6aa37779b
Score
7/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 8 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Adds Run entry to start application 2 TTPs 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
Processes
-
C:\Users\Admin\AppData\Local\Temp\TIN1-2007100001-AWB.JPG.exe"C:\Users\Admin\AppData\Local\Temp\TIN1-2007100001-AWB.JPG.exe"1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"{path}"2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: EnumeratesProcesses
- Adds Run entry to start application
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
296KB
-