Analysis
max time kernel: 55s
max time network: 69s
platform: windows7_x64
resource: win7
submitted: 13-07-2020 06:59

Static task: static1
Behavioral task: behavioral1
Sample: e06bfb1a6b645d6437051b4ba950a92e.exe
Resource: win7 (windows7_x64)
0 signatures
0 seconds
General
Target: e06bfb1a6b645d6437051b4ba950a92e.exe
Size: 496KB
MD5: e06bfb1a6b645d6437051b4ba950a92e
SHA1: 8b18f74b9300dc03df7f826e65d424320cd5cd53
SHA256: fa377574c99698cd65d8897d93e96c287dff271d4838107aeac36e7a843c1053
SHA512: e6a5c00f5ea78a3beb4ab8db9d96d4e61781a72904f0a5340134c5ce413719a12f3802ff259e9e4eb238f4f236fbe27b31d495927ab7949914ac2861a8773ffa
Malware Config
Signatures

Checks for installed software on the system (1 TTPs, 30 IoCs)
Processes: e06bfb1a6b645d6437051b4ba950a92e.exe
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: e06bfb1a6b645d6437051b4ba950a92e.exe
Token: SeDebugPrivilege (pid 240, process e06bfb1a6b645d6437051b4ba950a92e.exe)
Suspicious behavior: EnumeratesProcesses (1 IoCs)
Processes: e06bfb1a6b645d6437051b4ba950a92e.exe
pid 240, process e06bfb1a6b645d6437051b4ba950a92e.exe