Analysis
max time kernel: 111s
max time network: 124s
platform: windows7_x64
resource: win7
submitted: 31-07-2020 16:35
Static task: static1

Behavioral task: behavioral1
  Sample: matiex.exe
  Resource: win7

Behavioral task: behavioral2
  Sample: matiex.exe
  Resource: win10v200722
General
Target: matiex.exe
Size: 195KB
MD5: d1af1a8b0975b5c62a095f147e785535
SHA1: c98a74a0d5e41e07fc8ec2e35fa4f491abdd11d7
SHA256: 4ea222802308d610bd7d4cc4034b7d29258c65bbd42580a87a8b1fec227fb11d
SHA512: 6874902fbb75b649678912610919e6ae6c74608a81d5ed52a45340892d581de8bdbd8dba59477450c5110f1fc009dbc4abd349b60c02716cb37d0aef20669396
Malware Config
Signatures

Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes (matiex.exe):
  description              pid  process
  Token: SeDebugPrivilege  900  matiex.exe

Suspicious behavior: EnumeratesProcesses (1 IoCs)
Processes (matiex.exe):
  pid  process
  900  matiex.exe

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

Reads user/profile data of local email clients (2 TTPs)
Email clients store some user data on disk where infostealers will often target it.

Looks up external IP address via web service (1 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
  flow  ioc
  4     checkip.dyndns.org