Overview

overview

10

Static

static

10

1.exe

windows7_x64

7

1.exe

windows10-2004_x64

7

Analysis

  • max time kernel
    152s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220331-en
  • submitted
    11-04-2022 02:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1.exe

  • Size

    7.4MB

  • MD5

    6013d9edcffeba86d2005652e25ff28c

  • SHA1

    4ec549088f002bb90339e09a49f4dcdfd30feb5a

  • SHA256

    77c66b88869b232a86e9c7dffc9485a2b70a7334294b103374e7c682639f2f8e

  • SHA512

    67eaaaf158f8b1905a0f4c2750f7e11b85facf77e8c658057bcacda556011e62924ed1934dcfc3c2b8fbbe52a89c50d7339695b9fb864aeaa6173c6d1df0627a

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1.exe
    "C:\Users\Admin\AppData\Local\Temp\1.exe"
    1⤵
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3516

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads