Overview

overview

10

Static

static

INQUIRY_PDF.exe

windows7_x64

10

INQUIRY_PDF.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    170s
  • max time network
    184s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    02-05-2022 15:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    INQUIRY_PDF.exe

  • Size

    1.6MB

  • MD5

    9d436f5ab89ee15932668ab6e921806c

  • SHA1

    26f0eba2485fe893f31cca509a6ed2df5d7d0486

  • SHA256

    1e9ff9549343dcb17dcb137508657a94e5503579e0e0741443b27c732b62fa5c

  • SHA512

    0bd9036ea52f9dc1fa24b696f44985fca31f1cfa92c97ac043979a1c97bffc34b176af50bb3022da18865e01ca18eb13af7801544b41cf121e1359f0eef0c581

Score
10/10
massloggerspywarestealer

Malware Config

Signatures

  • MassLogger

    Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.

    stealerspywaremasslogger
  • MassLogger Main Payload 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\INQUIRY_PDF.exe
    "C:\Users\Admin\AppData\Local\Temp\INQUIRY_PDF.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2260
    • C:\Users\Admin\AppData\Local\Temp\INQUIRY_PDF.exe
      "C:\Users\Admin\AppData\Local\Temp\INQUIRY_PDF.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\INQUIRY_PDF.exe.log
    Filesize

    425B

    MD5

    4eaca4566b22b01cd3bc115b9b0b2196

    SHA1

    e743e0792c19f71740416e7b3c061d9f1336bf94

    SHA256

    34ba0ab8d1850e7825763f413142a333ccbc05fa2b5499a28a7d27b8a1c5b4bb

    SHA512

    bc2b1bf45203e3bb3009a7d37617b8f0f7ffa613680b32de2b963e39d2cf1650614d7035a0cf78f35a4f5cb17a2a439e2e07deaefd2a4275a62efd0a5c0184a1

    Download Submit

  • memory/2260-130-0x0000000000220000-0x00000000003C4000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4928-132-0x0000000000400000-0x0000000000486000-memory.dmp

    Filesize

    536KB

    Download