Overview

overview

10

Static

static

2192cfe9de...5d.exe

windows7_x64

10

2192cfe9de...5d.exe

windows10_x64

10

Analysis

  • max time kernel
    23s
  • max time network
    148s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    17-08-2021 14:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2192cfe9de1e5450629e508ec785055d.exe

  • Size

    30KB

  • MD5

    2192cfe9de1e5450629e508ec785055d

  • SHA1

    881be66666b9a3c302a56c364c8d9e230ae3854d

  • SHA256

    d56742d377a636a7ced6a503d0ff26e429bde79bb431a26c0ec63f51cf418fba

  • SHA512

    cb1a1c98f6f25fe5cc07ea6ed747c860452267d44682ddaab3ac12b915afef4624713dc55f63dbb928da2974d6482edf289358b43f543a448983b6efce676dbb

Score
10/10
spywarestealersuricata

Malware Config

Signatures

  • suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

    suricata: ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)

    suricata
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2192cfe9de1e5450629e508ec785055d.exe
    "C:\Users\Admin\AppData\Local\Temp\2192cfe9de1e5450629e508ec785055d.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4444

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4444-114-0x0000000000D40000-0x0000000000D41000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4444-116-0x0000000002E20000-0x0000000002E22000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4444-117-0x00000000015B0000-0x00000000015B8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4444-118-0x0000000002DB0000-0x0000000002DB4000-memory.dmp

    Filesize

    16KB

    Download

  • memory/4444-119-0x000000001B990000-0x000000001BA21000-memory.dmp

    Filesize

    580KB

    Download

  • memory/4444-120-0x000000001C0D0000-0x000000001C15F000-memory.dmp

    Filesize

    572KB

    Download