97247e269e05e1e237515fb76795e1d0e17333ed5d88571f6dc37e2c66dc2d4b

Analysis

Target

97247e269e05e1e237515fb76795e1d0e17333ed5d88571f6dc37e2c66dc2d4b.exe
Size

655KB
MD5

47072f5ade427fe5c156fd19fa339610
SHA1

e10e4a87b94f52aad7dab3542fb1be7a2d631736
SHA256

97247e269e05e1e237515fb76795e1d0e17333ed5d88571f6dc37e2c66dc2d4b
SHA512

9e8065dd57bfa2b74ca360fe45cee020a249ad16704e4752b6542251d2b8a4b013b9d2f8a9e9ad6274c1c06888a9c45a178e0941a4a0862455547cc8aa0af21d

Score

7^/10

spyware stealer

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1616	97247e269e05e1e237515fb76795e1d0e17333ed5d88571f6dc37e2c66dc2d4b.exe

C:\Users\Admin\AppData\Local\Temp\97247e269e05e1e237515fb76795e1d0e17333ed5d88571f6dc37e2c66dc2d4b.exe
"C:\Users\Admin\AppData\Local\Temp\97247e269e05e1e237515fb76795e1d0e17333ed5d88571f6dc37e2c66dc2d4b.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1616

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/1616-54-0x0000000076041000-0x0000000076043000-memory.dmp

Filesize
8KB

Download