Analysis
-
max time kernel
140s -
max time network
178s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
04-02-2022 14:01
General
-
Target
35061832b19b2266148ff7fb755676b4d29f7ad5c2c25d0a31541a226c61ffbe.exe
-
Size
93KB
-
MD5
3ebea54d37ce5b28938586eb8cf3f988
-
SHA1
19b23a1f31e43a24525c0e7a895d62fbbd7b0ee6
-
SHA256
35061832b19b2266148ff7fb755676b4d29f7ad5c2c25d0a31541a226c61ffbe
-
SHA512
b6972fb6f45e0471c6b3743089795ad57fa6063dda536b07aaccb925b235b028a3a2af527801d649d4f98d349b69332034b142c66c5dc4c09410b7dcc107d8c6
Score
7/10
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\35061832b19b2266148ff7fb755676b4d29f7ad5c2c25d0a31541a226c61ffbe.exe"C:\Users\Admin\AppData\Local\Temp\35061832b19b2266148ff7fb755676b4d29f7ad5c2c25d0a31541a226c61ffbe.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 14562⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/544-56-0x0000000000340000-0x0000000000341000-memory.dmpFilesize
4KB
-
memory/840-54-0x00000000754B1000-0x00000000754B3000-memory.dmpFilesize
8KB