Overview

overview

10

Static

static

10

3072193fbb...36.exe

windows7_x64

1

3072193fbb...36.exe

windows10_x64

7

Analysis

  • max time kernel
    95s
  • max time network
    135s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    16-06-2021 13:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3072193fbb271c8400b427bfd22ac936.exe

  • Size

    214KB

  • MD5

    3072193fbb271c8400b427bfd22ac936

  • SHA1

    be521f536e9766c6faf840315c9bedab8501b023

  • SHA256

    d696d93b0b75d1fcd1c14fddc65cbbd7fb96bf706a04a608174d9828b1e344da

  • SHA512

    0e704c1fbb4b55d8d78edaa4b051d6188c27f6d1b44ebc14b755ea86e7f53b80bdba931926aa14e5419794475d017c0d36318c81ea52ace6220eca210cd8b877

Score
7/10
persistencespywarestealer

Malware Config

Signatures

  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3072193fbb271c8400b427bfd22ac936.exe
    "C:\Users\Admin\AppData\Local\Temp\3072193fbb271c8400b427bfd22ac936.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:648

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/648-114-0x0000000002460000-0x0000000002461000-memory.dmp

    Filesize

    4KB

    Download

  • memory/648-115-0x0000000002461000-0x0000000002462000-memory.dmp

    Filesize

    4KB

    Download