Overview

overview

7

Static

static

b28fc9836a...32.exe

windows7_x64

7

b28fc9836a...32.exe

windows10-2004_x64

7

Analysis

  • max time kernel
    4294184s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20220311-en
  • submitted
    13-04-2022 09:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b28fc9836a813d8b248224a3fd2a5e32.exe

  • Size

    352KB

  • MD5

    b28fc9836a813d8b248224a3fd2a5e32

  • SHA1

    0549eb66e64febe4805b63a303c806efc0c66816

  • SHA256

    5c7a8f5ee1e39a49be7fa173ed0f3a447908c03d5dbde65669dcc483e19bad9b

  • SHA512

    e06c9ad2495e27a66b0cd9d3bab1a2638e3faf30f7af4e063e29b1f7c34ff45a5bfccd400c53540fd8dd9785b268483908ba078852266040dc3ed7ec6ffce907

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b28fc9836a813d8b248224a3fd2a5e32.exe
    "C:\Users\Admin\AppData\Local\Temp\b28fc9836a813d8b248224a3fd2a5e32.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1800

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1800-54-0x00000000004FE000-0x0000000000527000-memory.dmp
    Filesize

    164KB

    Download
  • memory/1800-55-0x00000000006C0000-0x00000000006F0000-memory.dmp
    Filesize

    192KB

    Download
  • memory/1800-56-0x0000000002120000-0x000000000214E000-memory.dmp
    Filesize

    184KB

    Download
  • memory/1800-57-0x00000000004FE000-0x0000000000527000-memory.dmp
    Filesize

    164KB

    Download
  • memory/1800-58-0x00000000002A0000-0x00000000002D7000-memory.dmp
    Filesize

    220KB

    Download
  • memory/1800-59-0x0000000000400000-0x0000000000462000-memory.dmp
    Filesize

    392KB

    Download
  • memory/1800-60-0x00000000049F4000-0x00000000049F6000-memory.dmp
    Filesize

    8KB

    Download