525290a0b745ca14629504364609587f123d5b924004c5e542703d8eaf127c3f | Triage

Analysis

max time kernel
124s
max time network
150s
platform
windows7_x64
resource
win7-en-20211208
submitted
06-02-2022 12:46

Sharing

Report Analysis Logs

General

Target

525290a0b745ca14629504364609587f123d5b924004c5e542703d8eaf127c3f.exe
Size

1.1MB
MD5

f61b6543fa50129b2a18c778c10c8f9c
SHA1

ff73721c5a733765db6a850b56c602a5fe39af70
SHA256

525290a0b745ca14629504364609587f123d5b924004c5e542703d8eaf127c3f
SHA512

d00bb238c3b64b88c1037074835777e0154ca0aabcb05965c07b67c965a07bfc8cc3ef63971ad5499c233ce6bd3d7fef650f39a6de775f68f29ad25439526984

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

525290a0b745ca14629504364609587f123d5b924004c5e542703d8eaf127c3f.exe

pid process

1040 525290a0b745ca14629504364609587f123d5b924004c5e542703d8eaf127c3f.exe

C:\Users\Admin\AppData\Local\Temp\525290a0b745ca14629504364609587f123d5b924004c5e542703d8eaf127c3f.exe
"C:\Users\Admin\AppData\Local\Temp\525290a0b745ca14629504364609587f123d5b924004c5e542703d8eaf127c3f.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1040

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1040-54-0x0000000076911000-0x0000000076913000-memory.dmp

Filesize
8KB

Download