Overview

overview

7

Static

static

ac.exe

windows7_x64

7

ac.exe

windows10_x64

7

Resubmissions

27/02/2024, 01:36

240227-b1mtqsdg2v 10

10/10/2020, 04:17

201010-bxlhq7f792 7

Analysis

  • max time kernel
    81s
  • max time network
    150s
  • platform
    windows10_x64
  • resource
    win10v200722
  • submitted
    10/10/2020, 04:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ac.exe

  • Size

    396KB

  • MD5

    5cddc68460463a32782f94c595dea500

  • SHA1

    786ad838dfbea097f192727d90bc899073ae3260

  • SHA256

    023fb24e4591fcbbff6096a61e7cbfb79bc1bade9236dd0db6ede7ab1e00bf9f

  • SHA512

    e8828d612037a5baf32fa6576cacea2b3c02c5618d7f750e86d4d73aec81a0d93989f754c8f2fa63bb2275f12ff4d740ef4c26db3882ada4f2ab1e5964700715

Score
7/10
spyware

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ac.exe
    "C:\Users\Admin\AppData\Local\Temp\ac.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:408
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Powershell.exe
      "Powershell" Add-MpPreference -ExclusionPath '"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoLAN\ddvlc.exe"'
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3916
    • C:\Users\Admin\AppData\Local\Temp\ac.exe
      "C:\Users\Admin\AppData\Local\Temp\ac.exe"
      2⤵
        PID:3012
      • C:\Users\Admin\AppData\Local\Temp\ac.exe
        "C:\Users\Admin\AppData\Local\Temp\ac.exe"
        2⤵
          PID:2948

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/408-1-0x0000000000670000-0x0000000000671000-memory.dmp

        Filesize

        4KB

        Download

      • memory/408-3-0x0000000004E80000-0x0000000004EDF000-memory.dmp

        Filesize

        380KB

        Download

      • memory/408-0-0x0000000073700000-0x0000000073DEE000-memory.dmp

        Filesize

        6.9MB

        Download

      • memory/408-5-0x0000000002840000-0x000000000284D000-memory.dmp

        Filesize

        52KB

        Download

      • memory/2948-7-0x0000000000400000-0x0000000000493000-memory.dmp

        Filesize

        588KB

        Download

      • memory/2948-10-0x0000000000400000-0x0000000000493000-memory.dmp

        Filesize

        588KB

        Download

      • memory/3916-13-0x0000000007DC0000-0x0000000007DC1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3916-17-0x00000000089E0000-0x00000000089E1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3916-6-0x0000000073700000-0x0000000073DEE000-memory.dmp

        Filesize

        6.9MB

        Download

      • memory/3916-11-0x0000000007720000-0x0000000007721000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3916-12-0x00000000076D0000-0x00000000076D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3916-14-0x0000000007F30000-0x0000000007F31000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3916-15-0x0000000007FF0000-0x0000000007FF1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3916-16-0x0000000008360000-0x0000000008361000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3916-9-0x0000000004C60000-0x0000000004C61000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3916-18-0x0000000008770000-0x0000000008771000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3916-20-0x0000000009530000-0x0000000009563000-memory.dmp

        Filesize

        204KB

        Download

      • memory/3916-27-0x0000000009510000-0x0000000009511000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3916-28-0x00000000096E0000-0x00000000096E1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3916-29-0x0000000009A40000-0x0000000009A41000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3916-30-0x00000000099F0000-0x00000000099F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3916-32-0x00000000099E0000-0x00000000099E1000-memory.dmp

        Filesize

        4KB

        Download