Overview

overview

10

Static

static

sample.exe

windows7_x64

10

sample.exe

windows10_x64

7

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    08/12/2021, 17:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sample.exe

  • Size

    747KB

  • MD5

    ae99e6a451bc53830be799379f5c1104

  • SHA1

    f79ea5b6b14cbbd947585c78c2446becaef803b7

  • SHA256

    772cad26853c7d8ea8f1023f6e3cba219cc9bb1db1cd31ad2b979e59d3d9c631

  • SHA512

    4e109061ec24a4772ad8930a7a6038ff3bc318cf3de6dde3dacdf5f34bb37ead18e82ec5bf377e2b7229df81e0e94a73447c086e74006be321ab0cc414b92e31

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sample.exe
    "C:\Users\Admin\AppData\Local\Temp\sample.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\sample.exe >> NUL
      2⤵
        PID:3108
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1.bat" "
        2⤵
          PID:3504

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads