Analysis
- max time kernel: 64s
- max time network: 136s
- platform: windows10_x64
- resource: win10-en-20210920
- submitted: 20-10-2021 12:30
Static task: static1
General
- Target: b536fccbd081bad7330de47c450a1db6c45fe67261e64c338c7ae5e97b301f1e.exe
- Size: 1.1MB
- MD5: c6853fe2999d95f65e407f7dada0589a
- SHA1: 42b9178689687ec0c02106a2ee105546d25005a2
- SHA256: b536fccbd081bad7330de47c450a1db6c45fe67261e64c338c7ae5e97b301f1e
- SHA512: 673f3b36acddf727d3fe986176b4df76c72a980d8905eebba34d5600989ee9a3e67b4279115f9c3687ee582a1fc857b5a76d6f3450d78451281b43aad3517c04
Malware Config
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger (4 IoCs)
  Processes: b536fccbd081bad7330de47c450a1db6c45fe67261e64c338c7ae5e97b301f1e.exe
  pid   process
  2620  b536fccbd081bad7330de47c450a1db6c45fe67261e64c338c7ae5e97b301f1e.exe
  2620  b536fccbd081bad7330de47c450a1db6c45fe67261e64c338c7ae5e97b301f1e.exe
  2620  b536fccbd081bad7330de47c450a1db6c45fe67261e64c338c7ae5e97b301f1e.exe
  2620  b536fccbd081bad7330de47c450a1db6c45fe67261e64c338c7ae5e97b301f1e.exe
- Suspicious behavior: EnumeratesProcesses (1 IoC)
  Processes: b536fccbd081bad7330de47c450a1db6c45fe67261e64c338c7ae5e97b301f1e.exe
  pid   process
  2620  b536fccbd081bad7330de47c450a1db6c45fe67261e64c338c7ae5e97b301f1e.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes: b536fccbd081bad7330de47c450a1db6c45fe67261e64c338c7ae5e97b301f1e.exe
  description              pid   process
  Token: SeDebugPrivilege  2620  b536fccbd081bad7330de47c450a1db6c45fe67261e64c338c7ae5e97b301f1e.exe
- Suspicious use of SetWindowsHookEx (1 IoC)
  Processes: b536fccbd081bad7330de47c450a1db6c45fe67261e64c338c7ae5e97b301f1e.exe
  pid   process
  2620  b536fccbd081bad7330de47c450a1db6c45fe67261e64c338c7ae5e97b301f1e.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\b536fccbd081bad7330de47c450a1db6c45fe67261e64c338c7ae5e97b301f1e.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\b536fccbd081bad7330de47c450a1db6c45fe67261e64c338c7ae5e97b301f1e.exe"
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix (ATT&CK v6)
Downloads
Filename                                                          Filesize
memory/2620-115-0x0000000000B20000-0x0000000000B21000-memory.dmp  4KB
memory/2620-117-0x0000000006330000-0x0000000006331000-memory.dmp  4KB
memory/2620-118-0x0000000005D90000-0x0000000005D91000-memory.dmp  4KB
memory/2620-119-0x0000000005EC0000-0x0000000005EC1000-memory.dmp  4KB
memory/2620-120-0x0000000005DF0000-0x0000000005DF1000-memory.dmp  4KB
memory/2620-121-0x0000000005E30000-0x0000000005E31000-memory.dmp  4KB
memory/2620-122-0x0000000005D20000-0x0000000006326000-memory.dmp  6.0MB
memory/2620-123-0x00000000076B0000-0x00000000076B1000-memory.dmp  4KB
memory/2620-124-0x0000000007DB0000-0x0000000007DB1000-memory.dmp  4KB
memory/2620-125-0x0000000007560000-0x0000000007561000-memory.dmp  4KB
memory/2620-126-0x0000000007880000-0x0000000007881000-memory.dmp  4KB
memory/2620-127-0x00000000087E0000-0x00000000087E1000-memory.dmp  4KB
memory/2620-128-0x0000000007690000-0x0000000007691000-memory.dmp  4KB
memory/2620-129-0x0000000007C00000-0x0000000007C01000-memory.dmp  4KB
memory/2620-130-0x0000000008330000-0x0000000008331000-memory.dmp  4KB