Overview

overview

10

Static

static

10

86a06db94a...bd.exe

windows7_x64

7

86a06db94a...bd.exe

windows10_x64

7

Analysis

  • max time kernel
    145s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-en-20210920
  • submitted
    26-09-2021 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    86a06db94a3a3536566f8214033e5abd.exe

  • Size

    112KB

  • MD5

    86a06db94a3a3536566f8214033e5abd

  • SHA1

    505c3d741abf69813b4ceb825b628fc8e416ae10

  • SHA256

    75359481a80ae7253f5a8859cc9d899020a24af197b95f8ef2716a9f011dc3b1

  • SHA512

    4e661a0f42fefeac1f42428172ea834739cf023ab24045c7d84ded85c5de4d8a8a66d745f02c35553fded7a540d259824bd120339ce1c727448173d879a56fcb

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\86a06db94a3a3536566f8214033e5abd.exe
    "C:\Users\Admin\AppData\Local\Temp\86a06db94a3a3536566f8214033e5abd.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1564

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1564-53-0x00000000013B0000-0x00000000013B1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1564-55-0x0000000001280000-0x0000000001281000-memory.dmp
    Filesize

    4KB

    Download