Analysis
-
max time kernel
135s -
max time network
116s -
platform
windows10_x64 -
resource
win10 -
submitted
19-07-2020 19:43
General
-
Target
grabbot_0.1.6.8.vir.exe
-
Size
548KB
-
MD5
be69aea7aa08096ad0cb2efa623a9917
-
SHA1
2fb758c34566152131f4124e230e135812247258
-
SHA256
04af2427e4e229d16c7c3bde0898b09abea9625bdd22f6a229a9d0bf0c6d57c5
-
SHA512
1c4cf8bb0150d8ae1cfcab8e914a25bc6b0ae210648e6ba7c3d00e02a3ca961b513694c29827de9090697decc4435b55060bd0a563fb7df417ac59a1bed62bcc
Score
7/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
-
Deletes itself 1 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious behavior: EnumeratesProcesses 15 IoCs
-
Suspicious use of AdjustPrivilegeToken 9 IoCs
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
- Deletes itself
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\grabbot_0.1.6.8.vir.exe"C:\Users\Admin\AppData\Local\Temp\grabbot_0.1.6.8.vir.exe"2⤵
- Suspicious use of WriteProcessMemory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken