Analysis
- max time kernel: 117s
- max time network: 122s
- platform: windows7_x64
- resource: win7
- submitted: 14-07-2020 05:40
Static task: static1
Behavioral task: behavioral1
- Sample: injector.exe
- Resource: win7 (windows7_x64)
- 0 signatures, 0 seconds
Behavioral task: behavioral2
- Sample: injector.exe
- Resource: win10v200430 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: injector.exe
- Size: 315KB
- MD5: bd27acd9bc0ba05847dc0d8ea443e437
- SHA1: 151a2865819859e670a152409ae17ce8ce8f0200
- SHA256: 7b92f03c104ecded53f06eb45ea31c6eec767fa328e571b79cbd804631f49b85
- SHA512: d2e8baa9177aa9e7e38d431594edc51f83bf75986876ccce83ea16263c4b58dc309e0b364e22c5a2476be5fbe90eec3972bbd00ed7cc0e9564c2b8ab54174876
- Score: 7/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (8 IoCs)
  Processes:
  description                        pid   process       target process
  PID 1496 wrote to memory of 1676   1496  injector.exe  cmd.exe
  PID 1496 wrote to memory of 1676   1496  injector.exe  cmd.exe
  PID 1496 wrote to memory of 1676   1496  injector.exe  cmd.exe
  PID 1496 wrote to memory of 1676   1496  injector.exe  cmd.exe
  PID 1676 wrote to memory of 1812   1676  cmd.exe       PING.EXE
  PID 1676 wrote to memory of 1812   1676  cmd.exe       PING.EXE
  PID 1676 wrote to memory of 1812   1676  cmd.exe       PING.EXE
  PID 1676 wrote to memory of 1812   1676  cmd.exe       PING.EXE
- Deletes itself (1 IoCs)
  Processes:
  pid   process
  1676  cmd.exe
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Runs ping.exe (1 TTPs, 1 IoCs)
Processes
- [1] C:\Users\Admin\AppData\Local\Temp\injector.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\injector.exe"
  - Suspicious use of WriteProcessMemory
  PID: 1496
  - [2] C:\Windows\SysWOW64\cmd.exe
    Command line: cmd.exe /C ping 1.1.1.1 -n 1 -w 1000 > Nul & Del /f /q "C:\Users\Admin\AppData\Local\Temp\injector.exe"
    - Suspicious use of WriteProcessMemory
    - Deletes itself
    PID: 1676
    - [3] C:\Windows\SysWOW64\PING.EXE
      Command line: ping 1.1.1.1 -n 1 -w 1000
      - Runs ping.exe
      PID: 1812