Analysis
-
max time kernel
62s -
max time network
127s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
24-06-2021 08:31
General
-
Target
09b950f451b5ea82a536f2b9792f8bf8.exe
-
Size
1.4MB
-
MD5
09b950f451b5ea82a536f2b9792f8bf8
-
SHA1
0e9261eaddfb7dd7a7bc087566dc5fa7a8194bce
-
SHA256
fb4f1f80320365984cc24d8b8afe59f21ada1d07ae9862efb407a3c650bd40a8
-
SHA512
669e9655d32a42a9e6dbc0fe917807bb2bca26214079fe5e29e393f99b5e43f3e2bfd7651d02808d7a6571b34bd817dd094b276aa26f08a72a5c79c98587382c
Score
10/10
Malware Config
Signatures
-
Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Kills process with taskkill 1 IoCs
-
Modifies system certificate store 2 TTPs 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 35 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\09b950f451b5ea82a536f2b9792f8bf8.exe"C:\Users\Admin\AppData\Local\Temp\09b950f451b5ea82a536f2b9792f8bf8.exe"1⤵
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im chrome.exe2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im chrome.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3152-115-0x0000000000000000-mapping.dmp
-
memory/3496-114-0x0000000000000000-mapping.dmp