Analysis
-
max time kernel
82s -
max time network
125s -
platform
windows10_x64 -
resource
win10v200722 -
submitted
04/09/2020, 19:47
General
-
Target
Corporate_Detail-June.2020.bin.exe
-
Size
1.3MB
-
MD5
6b083c1bfd21eea2a3f18283f1f3c5f5
-
SHA1
929b10f78565660535a07917d144d00b0c117571
-
SHA256
f2363a355fe226cb2f7f1afa72daecc5edfe1cb0edc1295856fb3f874d941b6d
-
SHA512
1ef2561ac5784bb90a1d39ab82f6f01122453bbe22cd55fa0a49aa534a7ece00c48b2bf1d31537e3fc5a447d1293bc23165c6a1fb00df2b3fda37a2eee62ee71
Score
8/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
JavaScript code in executable 2 IoCs
-
Drops file in Windows directory 1 IoCs
-
Modifies data under HKEY_USERS 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Corporate_Detail-June.2020.bin.exe"C:\Users\Admin\AppData\Local\Temp\Corporate_Detail-June.2020.bin.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\11bdd939-1d45-421c-9be0-0addcdc8181c_windows.exe"C:\Users\Admin\AppData\Local\Temp\11bdd939-1d45-421c-9be0-0addcdc8181c_windows.exe"2⤵
- Executes dropped EXE
-
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -s WinHttpAutoProxySvc1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.6MB