Analysis
-
max time kernel
4294183s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20220311-en -
submitted
11-04-2022 02:54
Static task
static1
Behavioral task
behavioral1
Sample
1.exe
Resource
win7-20220311-en
windows7_x64
0 signatures
0 seconds
General
-
Target
1.exe
-
Size
7.4MB
-
MD5
6013d9edcffeba86d2005652e25ff28c
-
SHA1
4ec549088f002bb90339e09a49f4dcdfd30feb5a
-
SHA256
77c66b88869b232a86e9c7dffc9485a2b70a7334294b103374e7c682639f2f8e
-
SHA512
67eaaaf158f8b1905a0f4c2750f7e11b85facf77e8c658057bcacda556011e62924ed1934dcfc3c2b8fbbe52a89c50d7339695b9fb864aeaa6173c6d1df0627a
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
NTFS ADS 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Local\Temp\C:\Users\Admin\AppData\Local\Temp\1.exe.lock 1.exe -
Suspicious behavior: EnumeratesProcesses 27 IoCs
pid Process 1980 1.exe 1980 1.exe 1980 1.exe 1980 1.exe 1980 1.exe 1980 1.exe 1980 1.exe 1980 1.exe 1980 1.exe 1980 1.exe 1980 1.exe 1980 1.exe 1980 1.exe 1980 1.exe 1980 1.exe 1980 1.exe 1980 1.exe 1980 1.exe 1980 1.exe 1980 1.exe 1980 1.exe 1980 1.exe 1980 1.exe 1980 1.exe 1980 1.exe 1980 1.exe 1980 1.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 1980 1.exe