Analysis
-
max time kernel
156s -
max time network
162s -
platform
windows10-2004_x64 -
resource
win10v2004-en-20220113 -
submitted
06-02-2022 08:43
General
-
Target
cca6990245b02a0420348188f2810ad834d375972b5552af9863c48465b9ef99.exe
-
Size
671KB
-
MD5
d45a0824e1d2ee1a361d8fb5fc6a0ef0
-
SHA1
1a84f49b4f2c0559b4e69e29d498b8f2767eb242
-
SHA256
cca6990245b02a0420348188f2810ad834d375972b5552af9863c48465b9ef99
-
SHA512
3929e85411f923fccdc9630bbde86ed285ce7115aa72db434c172280803a71da46ff97f9217a453e41be817574d3e1caae4b6f867cae475c0f9afbf46933d0d0
Score
7/10
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in Windows directory 6 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cca6990245b02a0420348188f2810ad834d375972b5552af9863c48465b9ef99.exe"C:\Users\Admin\AppData\Local\Temp\cca6990245b02a0420348188f2810ad834d375972b5552af9863c48465b9ef99.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
-
Filesize
16KB