fa1d70af040761d5630378246b84f00a9c4011373bfde4449237c3302cf28be5

Analysis

Target

fa1d70af040761d5630378246b84f00a9c4011373bfde4449237c3302cf28be5.exe
Size

737KB
MD5

033b31e7624165b8fd7b497d7567c59a
SHA1

8f41df2153a5a74eedf0dc2c7b6ded71301e16be
SHA256

fa1d70af040761d5630378246b84f00a9c4011373bfde4449237c3302cf28be5
SHA512

97d46b541a2888fb86d386a20c56e0cfc81dc14d41f9492f0e13241ce316192b0f74a972cea700a6562910f44861d5ad06b47fca5c08e0068c154d9703f56eb5

Score

7^/10

spyware stealer

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1572	fa1d70af040761d5630378246b84f00a9c4011373bfde4449237c3302cf28be5.exe

C:\Users\Admin\AppData\Local\Temp\fa1d70af040761d5630378246b84f00a9c4011373bfde4449237c3302cf28be5.exe
"C:\Users\Admin\AppData\Local\Temp\fa1d70af040761d5630378246b84f00a9c4011373bfde4449237c3302cf28be5.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1572

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/1572-54-0x0000000076491000-0x0000000076493000-memory.dmp

Filesize
8KB

Download