Analysis

  • max time kernel
    89s
  • max time network
    118s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    10-07-2020 07:33

General

  • Target

    aKDzIJRX7hjOy0J.exe

  • Size

    423KB

  • MD5

    93acf64e4e9895ba3b94b976af3b41ac

  • SHA1

    66e1c012ac8ce53e3cb25debc75eeadcfd26d45a

  • SHA256

    921c7a4ec72f857913362b7cd75300e57ae805dba29c8ac0e62806295dfa60ce

  • SHA512

    f08f75ddc28cec487489dee06a20f5945a7cc6ad67dd47780887684e1960ec94300219f7574d7acbd02cda35c522cee1d95182515cb4753592888ad058313632

Score
7/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aKDzIJRX7hjOy0J.exe
    "C:\Users\Admin\AppData\Local\Temp\aKDzIJRX7hjOy0J.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3100
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
      "{path}"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious behavior: EnumeratesProcesses
      PID:3864

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3864-3-0x0000000000400000-0x000000000044A000-memory.dmp

    Filesize

    296KB

  • memory/3864-4-0x0000000000445FCE-mapping.dmp