Analysis
-
max time kernel
53s -
max time network
112s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
20-11-2020 07:11
Static task
static1
Behavioral task
behavioral1
Sample
2c7f7e20c7a34ee2741439521012189a.exe
Resource
win7v20201028
General
-
Target
2c7f7e20c7a34ee2741439521012189a.exe
-
Size
933KB
-
MD5
2c7f7e20c7a34ee2741439521012189a
-
SHA1
2c6cc4d6dc0f6979b31f7c0198be0cd67a420e0d
-
SHA256
295e83465c510501f5c2a7f998f0f1b83bead17be26d226c4eafa2867190027e
-
SHA512
95063c163b0936b7fafeb9ddfea786cc1f50f9f236bc88dfc4b45bef5087ba1d12547a49814f19215c98be3ba9acab354a06a5062d6dadd3e85acf353bba6992
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 16 api.ipify.org -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
2c7f7e20c7a34ee2741439521012189a.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 2c7f7e20c7a34ee2741439521012189a.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString 2c7f7e20c7a34ee2741439521012189a.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
2c7f7e20c7a34ee2741439521012189a.exepid process 508 2c7f7e20c7a34ee2741439521012189a.exe 508 2c7f7e20c7a34ee2741439521012189a.exe