Overview

overview

7

Static

static

galadriel

windows7_x64

7

Resubmissions

11-02-2021 08:57

210211-8wdaflwvr2 7

10-01-2021 18:11

210110-q3s2qpa8sa 10

Analysis

  • max time kernel
    76s
  • max time network
    277s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    11-02-2021 08:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1b0000.exe.exe

  • Size

    79KB

  • MD5

    6654235619b25fd70f0233aec854e0ea

  • SHA1

    35b3ffe69da3c97ac10240a83dd413d78c1deff8

  • SHA256

    83956ff42ffb6c352e3257a55ab76416b120a1cbf6b1f92672d50c4b8fae404f

  • SHA512

    fb15de14ce4667f66ac6b6fc9fc3dfa9898a9e9f061c4e496f36567d9dcae43336d093bb0030ecdfccb570b8df66843a61a45dc6e0891da051ab0eaac92cf158

Score
7/10
spyware

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b0000.exe.exe
    "C:\Users\Admin\AppData\Local\Temp\1b0000.exe.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1856

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1856-2-0x0000000074590000-0x0000000074C7E000-memory.dmp
    Filesize

    6.9MB

    Download
  • memory/1856-3-0x0000000000A70000-0x0000000000A71000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1856-5-0x0000000004D10000-0x0000000004D11000-memory.dmp
    Filesize

    4KB

    Download