2da5e33b3e0a7bf86bbd2e28d6214b10c835d98ebebd0eb1e0f35c195613dc94

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-en-20211014
submitted
10-11-2021 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17b57e346f1b5eecc8a37dd405eb5b76.exe
Size

104KB
MD5

17b57e346f1b5eecc8a37dd405eb5b76
SHA1

f120c1acd341ceff5e35c8891c007406ff8986bc
SHA256

2da5e33b3e0a7bf86bbd2e28d6214b10c835d98ebebd0eb1e0f35c195613dc94
SHA512

79c39cad1ca5aad3d568a0e1665ffeea02e546dacbde42132e26944d99caf87dc6f9e5b0db98c9077911d3cb210607a43e12d0b242aec77b2a3755bb588b9208

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

17b57e346f1b5eecc8a37dd405eb5b76.exe

pid process

1976 17b57e346f1b5eecc8a37dd405eb5b76.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

17b57e346f1b5eecc8a37dd405eb5b76.exe

description pid process

Token: SeDebugPrivilege 1976 17b57e346f1b5eecc8a37dd405eb5b76.exe

pid	process
1976	17b57e346f1b5eecc8a37dd405eb5b76.exe

description	pid	process
Token: SeDebugPrivilege	1976	17b57e346f1b5eecc8a37dd405eb5b76.exe

C:\Users\Admin\AppData\Local\Temp\17b57e346f1b5eecc8a37dd405eb5b76.exe
"C:\Users\Admin\AppData\Local\Temp\17b57e346f1b5eecc8a37dd405eb5b76.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1976

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1976-55-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/1976-57-0x0000000004910000-0x0000000004911000-memory.dmp

Filesize
4KB

Download