d11866e458626e81d4aa4bd9fdb441bec5a684ccaf7b786acddb95377d66b72f

Resubmissions

28/10/2020, 11:13

201028-y8ahpbqxx6 7

28/10/2020, 00:25

201028-ndxae1c7qe 10

Analysis

max time kernel
560s
max time network
561s
platform
windows10_x64
resource
win10
submitted
28/10/2020, 11:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fltMC7e0.exe
Size

976KB
MD5

30d365051e1c8ef9a84843ac9b10998f
SHA1

4a01901391b9899b9d07ccff4f8c4521d4644faa
SHA256

d11866e458626e81d4aa4bd9fdb441bec5a684ccaf7b786acddb95377d66b72f
SHA512

8b5a4b88943bd3920fe0ab84369f1e1577a10c869c5c8ebf78e54e84352828adf3326fb368ce6ac9915939712e912ac400bfa750ad05b13f22fb5020ab125829

Score

7^/10

spyware

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware

Data from Local System
T1005

Credentials in Files
T1081

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3444	wermgr.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3952	fltMC7e0.exe
3952	fltMC7e0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3952 wrote to memory of 3444	3952	fltMC7e0.exe	77
PID 3952 wrote to memory of 3444	3952	fltMC7e0.exe	77
PID 3952 wrote to memory of 3444	3952	fltMC7e0.exe	77
PID 3952 wrote to memory of 3444	3952	fltMC7e0.exe	77

C:\Users\Admin\AppData\Local\Temp\fltMC7e0.exe
"C:\Users\Admin\AppData\Local\Temp\fltMC7e0.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3952
- C:\Windows\system32\wermgr.exe
  C:\Windows\system32\wermgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3444

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3952-3-0x0000000003410000-0x000000000344B000-memory.dmp

Filesize
236KB

Download