8f43d2c1630f4d4fe28389f350bbb4770129ee14b473e32ec7e809ba5c684771

General

Target

e776fe7340671ed955e5ffdb69939756.exe
Size

352KB
MD5

e776fe7340671ed955e5ffdb69939756
SHA1

1760d714f1bbdda2d82f3af90c483148fb5e65b7
SHA256

8f43d2c1630f4d4fe28389f350bbb4770129ee14b473e32ec7e809ba5c684771
SHA512

d8e908e3fb35b0fe31a0821329c96efc5e87dcbc6421b32ddf1ae2d7ef27339a14314f16020ccd1c3bd8f9f1af65e9b29a05eeef946661651465011aff9fe3e2

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2464 2772 WerFault.exe e776fe7340671ed955e5ffdb69939756.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

e776fe7340671ed955e5ffdb69939756.exe

pid process

2772 e776fe7340671ed955e5ffdb69939756.exe
2772 e776fe7340671ed955e5ffdb69939756.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

e776fe7340671ed955e5ffdb69939756.exe

description pid process

Token: SeDebugPrivilege 2772 e776fe7340671ed955e5ffdb69939756.exe

pid	pid_target	process	target process
2464	2772	WerFault.exe	e776fe7340671ed955e5ffdb69939756.exe

pid	process
2772	e776fe7340671ed955e5ffdb69939756.exe
2772	e776fe7340671ed955e5ffdb69939756.exe

description	pid	process
Token: SeDebugPrivilege	2772	e776fe7340671ed955e5ffdb69939756.exe

C:\Users\Admin\AppData\Local\Temp\e776fe7340671ed955e5ffdb69939756.exe
"C:\Users\Admin\AppData\Local\Temp\e776fe7340671ed955e5ffdb69939756.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 1144
2⤵
- Program crash
PID:2464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2772 -ip 2772
1⤵
PID:3224

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2

T1081

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Data from Local System

2

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2772-130-0x00000000004EC000-0x0000000000516000-memory.dmp

Filesize
168KB

Download
memory/2772-131-0x00000000004EC000-0x0000000000516000-memory.dmp

Filesize
168KB

Download
memory/2772-132-0x00000000008C0000-0x00000000008F7000-memory.dmp

Filesize
220KB

Download
memory/2772-133-0x0000000000400000-0x0000000000462000-memory.dmp

Filesize
392KB

Download
memory/2772-134-0x0000000004AE0000-0x0000000005084000-memory.dmp

Filesize
5.6MB

Download
memory/2772-135-0x0000000005090000-0x00000000056A8000-memory.dmp

Filesize
6.1MB

Download
memory/2772-136-0x00000000056C0000-0x00000000056D2000-memory.dmp

Filesize
72KB

Download
memory/2772-137-0x00000000056E0000-0x00000000057EA000-memory.dmp

Filesize
1.0MB

Download
memory/2772-138-0x0000000004AD4000-0x0000000004AD6000-memory.dmp

Filesize
8KB

Download
memory/2772-139-0x0000000005830000-0x000000000586C000-memory.dmp

Filesize
240KB

Download
memory/2772-140-0x0000000005B10000-0x0000000005B86000-memory.dmp

Filesize
472KB

Download
memory/2772-141-0x0000000005B90000-0x0000000005C22000-memory.dmp

Filesize
584KB

Download
memory/2772-142-0x0000000005DC0000-0x0000000005DDE000-memory.dmp

Filesize
120KB

Download
memory/2772-143-0x0000000005E30000-0x0000000005E96000-memory.dmp

Filesize
408KB

Download
memory/2772-144-0x0000000007230000-0x00000000073F2000-memory.dmp

Filesize
1.8MB

Download
memory/2772-145-0x0000000007410000-0x000000000793C000-memory.dmp

Filesize
5.2MB

Download

Analysis

Sharing