Analysis
-
max time kernel
188s -
max time network
207s -
platform
windows10-2004_x64 -
resource
win10v2004-en-20220113 -
submitted
06-02-2022 12:46
General
-
Target
525290a0b745ca14629504364609587f123d5b924004c5e542703d8eaf127c3f.exe
-
Size
1.1MB
-
MD5
f61b6543fa50129b2a18c778c10c8f9c
-
SHA1
ff73721c5a733765db6a850b56c602a5fe39af70
-
SHA256
525290a0b745ca14629504364609587f123d5b924004c5e542703d8eaf127c3f
-
SHA512
d00bb238c3b64b88c1037074835777e0154ca0aabcb05965c07b67c965a07bfc8cc3ef63971ad5499c233ce6bd3d7fef650f39a6de775f68f29ad25439526984
Score
7/10
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in Windows directory 6 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\525290a0b745ca14629504364609587f123d5b924004c5e542703d8eaf127c3f.exe"C:\Users\Admin\AppData\Local\Temp\525290a0b745ca14629504364609587f123d5b924004c5e542703d8eaf127c3f.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2780-347-0x00000269B8F90000-0x00000269B8FA0000-memory.dmpFilesize
64KB
-
memory/2780-354-0x00000269BBD10000-0x00000269BBD14000-memory.dmpFilesize
16KB