Analysis
-
max time kernel
134s -
max time network
122s -
platform
windows7_x64 -
resource
win7 -
submitted
19-07-2020 17:27
General
-
Target
grabbot_0.1.6.4.vir.exe
-
Size
380KB
-
MD5
33d2c3155d673293e9de6c7392b44a7d
-
SHA1
f86cdd91174265345c013fefac1a260d3de85c23
-
SHA256
121431bbfb1fb3a7ec99580b7af8051b3ef5ef37e9d40eb22119610c3bc9e0f6
-
SHA512
a0d1ec810a73ef997ceba6d4c85280dc650636b6e6439f7eaa53aebfe1605962e3682a3760ccd334724089538d88f6b085019c45381899985d058b725b941a92
Score
7/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 5 IoCs
-
Suspicious use of SendNotifyMessage 4 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
Processes
-
C:\Windows\Explorer.EXEC:\Windows\Explorer.EXE1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Adds Run key to start application
- Checks whether UAC is enabled
-
C:\Users\Admin\AppData\Local\Temp\grabbot_0.1.6.4.vir.exe"C:\Users\Admin\AppData\Local\Temp\grabbot_0.1.6.4.vir.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory