Analysis

max time kernel: 139s
max time network: 147s
platform: windows7_x64
resource: win7v20201028
submitted: 10-11-2020 11:21

Static task: static1
Behavioral task: behavioral1
Sample: d0b6573a025d5d79dd2a5f627702b12f36b87a95c156be1826bb552a27c9003b.exe
Resource: win7v20201028
General

Target: d0b6573a025d5d79dd2a5f627702b12f36b87a95c156be1826bb552a27c9003b.exe
Size: 105KB
MD5: 807e6774adf4407a46df7747058a880c
SHA1: 80a7a31cac60601b082e2535563d06b1e9505d94
SHA256: d0b6573a025d5d79dd2a5f627702b12f36b87a95c156be1826bb552a27c9003b
SHA512: c5d0cd3c100fc1865217120c4c77755a2e86e832300cf80c160699e327c25b0e724b8a65e644dc935d17665a8f7525beb31e836352c5a679af53a661633339e8
Malware Config
Signatures

Reads data files stored by FTP clients (2 TTPs)
Tries to access configuration files associated with programs like FileZilla.

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious use of AdjustPrivilegeToken (8 IoCs)
Processes:
description                              pid    process
Token: SeImpersonatePrivilege            2036   d0b6573a025d5d79dd2a5f627702b12f36b87a95c156be1826bb552a27c9003b.exe
Token: SeTcbPrivilege                    2036   d0b6573a025d5d79dd2a5f627702b12f36b87a95c156be1826bb552a27c9003b.exe
Token: SeChangeNotifyPrivilege           2036   d0b6573a025d5d79dd2a5f627702b12f36b87a95c156be1826bb552a27c9003b.exe
Token: SeCreateTokenPrivilege            2036   d0b6573a025d5d79dd2a5f627702b12f36b87a95c156be1826bb552a27c9003b.exe
Token: SeBackupPrivilege                 2036   d0b6573a025d5d79dd2a5f627702b12f36b87a95c156be1826bb552a27c9003b.exe
Token: SeRestorePrivilege                2036   d0b6573a025d5d79dd2a5f627702b12f36b87a95c156be1826bb552a27c9003b.exe
Token: SeIncreaseQuotaPrivilege          2036   d0b6573a025d5d79dd2a5f627702b12f36b87a95c156be1826bb552a27c9003b.exe
Token: SeAssignPrimaryTokenPrivilege     2036   d0b6573a025d5d79dd2a5f627702b12f36b87a95c156be1826bb552a27c9003b.exe

Suspicious use of UnmapMainImage (1 IoC)
Processes:
pid    process
2036   d0b6573a025d5d79dd2a5f627702b12f36b87a95c156be1826bb552a27c9003b.exe
Downloads

memory/1660-0-0x000007FEF6B90000-0x000007FEF6E0A000-memory.dmp (Filesize: 2.5MB)