Overview

overview

7

Static

static

10 mins

windows7_x64

7

30 mins

windows7_x64

7

30 mins Win10

windows10_x64

7

10 mins Win10

windows10_x64

7

Resubmissions

28-10-2020 11:13

201028-y8ahpbqxx6 7

28-10-2020 00:25

201028-ndxae1c7qe 10

Analysis

  • max time kernel
    582s
  • max time network
    581s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    28-10-2020 11:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fltMC7e0.exe

  • Size

    976KB

  • MD5

    30d365051e1c8ef9a84843ac9b10998f

  • SHA1

    4a01901391b9899b9d07ccff4f8c4521d4644faa

  • SHA256

    d11866e458626e81d4aa4bd9fdb441bec5a684ccaf7b786acddb95377d66b72f

  • SHA512

    8b5a4b88943bd3920fe0ab84369f1e1577a10c869c5c8ebf78e54e84352828adf3326fb368ce6ac9915939712e912ac400bfa750ad05b13f22fb5020ab125829

Score
7/10
spyware

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fltMC7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\fltMC7e0.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1508
    • C:\Windows\system32\wermgr.exe
      C:\Windows\system32\wermgr.exe
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1672

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1508-3-0x0000000002E00000-0x0000000002E3B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/1508-5-0x0000000000370000-0x0000000000374000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1508-6-0x0000000002750000-0x0000000002754000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1672-4-0x0000000000000000-mapping.dmp

    Download