Analysis
-
max time kernel
25s -
max time network
12s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
09-11-2020 08:05
General
-
Target
8892709206b1488a8859080c914f05419d1f094148bacec1abe2f1b18a0ec7b1.bin.sample.exe
-
Size
966KB
-
MD5
a70c0b2b2f978a488216909f18b9a942
-
SHA1
8529c643ccc52008504baf7b55e0d37f8081fd7a
-
SHA256
8892709206b1488a8859080c914f05419d1f094148bacec1abe2f1b18a0ec7b1
-
SHA512
4e36d64233226595a2271381b6417d2e294001d98dfe21db88adad40aca205c5c2928506955d24d132fef0ee725571b96d0f65b6a423e39e080f73846ffab5ad
Score
7/10
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Opens file in notepad (likely ransom note) 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8892709206b1488a8859080c914f05419d1f094148bacec1abe2f1b18a0ec7b1.bin.sample.exe"C:\Users\Admin\AppData\Local\Temp\8892709206b1488a8859080c914f05419d1f094148bacec1abe2f1b18a0ec7b1.bin.sample.exe"1⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\README.TXT1⤵
- Opens file in notepad (likely ransom note)
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\Desktop\README.TXTMD5
4eebee90a99037b6527e488fa94fbc75
SHA1a8d607e6ab732d65d855f7cb16844bc57acb155a
SHA2562bb3cca6da2d3dd804edbfc6cf6c6f8d20f84f01dfed9b04b02cbcf295fcfed8
SHA512f769a5999afa8e9b18daa886720eadaaa513fd5127159b4c3398de759bd2f7ad62064a7da9f0364278c755a25eff9a63c6b5478f2b5a0c2e715a1cb6712cbbd3
-
memory/1764-1-0x000007FEF6350000-0x000007FEF65CA000-memory.dmpFilesize
2.5MB