Overview

overview

10

Static

static

10

86a06db94a...bd.exe

windows7_x64

7

86a06db94a...bd.exe

windows10_x64

7

Analysis

  • max time kernel
    101s
  • max time network
    103s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    26-09-2021 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    86a06db94a3a3536566f8214033e5abd.exe

  • Size

    112KB

  • MD5

    86a06db94a3a3536566f8214033e5abd

  • SHA1

    505c3d741abf69813b4ceb825b628fc8e416ae10

  • SHA256

    75359481a80ae7253f5a8859cc9d899020a24af197b95f8ef2716a9f011dc3b1

  • SHA512

    4e661a0f42fefeac1f42428172ea834739cf023ab24045c7d84ded85c5de4d8a8a66d745f02c35553fded7a540d259824bd120339ce1c727448173d879a56fcb

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\86a06db94a3a3536566f8214033e5abd.exe
    "C:\Users\Admin\AppData\Local\Temp\86a06db94a3a3536566f8214033e5abd.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4796

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4796-114-0x0000000000F10000-0x0000000000F11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4796-116-0x0000000005E10000-0x0000000005E11000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4796-117-0x0000000005860000-0x0000000005861000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4796-118-0x0000000005990000-0x0000000005991000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4796-119-0x0000000005800000-0x0000000005E06000-memory.dmp

    Filesize

    6.0MB

    Download

  • memory/4796-120-0x00000000058C0000-0x00000000058C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4796-121-0x0000000005920000-0x0000000005921000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4796-122-0x00000000071D0000-0x00000000071D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4796-123-0x00000000078D0000-0x00000000078D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4796-124-0x0000000007460000-0x0000000007461000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4796-125-0x0000000007580000-0x0000000007581000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4796-126-0x0000000008300000-0x0000000008301000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4796-127-0x0000000007530000-0x0000000007531000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4796-128-0x00000000076E0000-0x00000000076E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4796-129-0x0000000008000000-0x0000000008001000-memory.dmp

    Filesize

    4KB

    Download