Overview

overview

10

Static

static

bba7db0944...10.exe

windows7_x64

10

bba7db0944...10.exe

windows10-2004_x64

7

Analysis

  • max time kernel
    141s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    14-05-2022 13:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bba7db09449a22cfe8f3310bf1238210.exe

  • Size

    371KB

  • MD5

    bba7db09449a22cfe8f3310bf1238210

  • SHA1

    49ce80fb77d7a06c4de52ddf2457e1dfceb7661c

  • SHA256

    ffd0e59168d8d32c26f16e557b26d7fc45a748ae3d2621f40c740848762249a6

  • SHA512

    930a6dae0d84521584022956aa8f6fffc2f1bd17d4b009647fd23dfc600da9936360ac56f3b5c393a9a61e1f6f1c9846d29b3786f6713383c7cf060653fc5168

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bba7db09449a22cfe8f3310bf1238210.exe
    "C:\Users\Admin\AppData\Local\Temp\bba7db09449a22cfe8f3310bf1238210.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3136
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 1800
      2⤵
      • Program crash
      PID:452
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3136 -ip 3136
    1⤵
      PID:4340
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
      1⤵
        PID:4472

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3136-130-0x000000000069C000-0x00000000006C6000-memory.dmp

        Filesize

        168KB

        Download

      • memory/3136-131-0x0000000000980000-0x00000000009B7000-memory.dmp

        Filesize

        220KB

        Download

      • memory/3136-132-0x0000000000400000-0x00000000004F2000-memory.dmp

        Filesize

        968KB

        Download

      • memory/3136-133-0x0000000004B60000-0x0000000005104000-memory.dmp

        Filesize

        5.6MB

        Download

      • memory/3136-134-0x0000000005110000-0x0000000005728000-memory.dmp

        Filesize

        6.1MB

        Download

      • memory/3136-135-0x0000000005740000-0x0000000005752000-memory.dmp

        Filesize

        72KB

        Download

      • memory/3136-136-0x0000000005760000-0x000000000586A000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/3136-137-0x0000000005870000-0x00000000058AC000-memory.dmp

        Filesize

        240KB

        Download

      • memory/3136-138-0x0000000005B80000-0x0000000005BF6000-memory.dmp

        Filesize

        472KB

        Download

      • memory/3136-139-0x0000000005C30000-0x0000000005CC2000-memory.dmp

        Filesize

        584KB

        Download

      • memory/3136-140-0x0000000005E20000-0x0000000005E3E000-memory.dmp

        Filesize

        120KB

        Download

      • memory/3136-141-0x0000000005EC0000-0x0000000005F26000-memory.dmp

        Filesize

        408KB

        Download

      • memory/3136-142-0x00000000066E0000-0x00000000068A2000-memory.dmp

        Filesize

        1.8MB

        Download

      • memory/3136-143-0x00000000068F0000-0x0000000006E1C000-memory.dmp

        Filesize

        5.2MB

        Download