Overview

overview

10

Static

static

86fc141655...6d.exe

windows7_x64

10

86fc141655...6d.exe

windows10-2004_x64

7

Analysis

  • max time kernel
    140s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    15-05-2022 11:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    86fc141655ef3842be861de3ad4f566d.exe

  • Size

    330KB

  • MD5

    86fc141655ef3842be861de3ad4f566d

  • SHA1

    626fe12a4a925355053d1a0cd70e9eedaea6fc0e

  • SHA256

    b86b2701c8e065a75b55d8a8fcf6cc980e21d5587e7f2a9def7bfdbdcc386651

  • SHA512

    a5453ae840855523e728c33df3abe9e7230aa6d9a63305fea3de6433dbba188e98de4dc978948023b890009c0b1c515496bfd8818d27827bfdfad09bf494edf0

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\86fc141655ef3842be861de3ad4f566d.exe
    "C:\Users\Admin\AppData\Local\Temp\86fc141655ef3842be861de3ad4f566d.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3764
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 1928
      2⤵
      • Program crash
      PID:4076
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3764 -ip 3764
    1⤵
      PID:5100
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
      1⤵
        PID:1748

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Persistence

      Privilege Escalation

      Defense Evasion

      Credential Access

      Credentials in Files

      2
      T1081

      Discovery

      Query Registry

      1
      T1012

      Lateral Movement

      Collection

      Data from Local System

      2
      T1005

      Exfiltration

      Command and Control

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3764-130-0x00000000005BD000-0x00000000005E7000-memory.dmp
        Filesize

        168KB

        Download
      • memory/3764-131-0x0000000002110000-0x0000000002147000-memory.dmp
        Filesize

        220KB

        Download
      • memory/3764-132-0x0000000000400000-0x00000000004E8000-memory.dmp
        Filesize

        928KB

        Download
      • memory/3764-133-0x0000000004B90000-0x0000000005134000-memory.dmp
        Filesize

        5.6MB

        Download
      • memory/3764-134-0x00000000051B0000-0x00000000057C8000-memory.dmp
        Filesize

        6.1MB

        Download
      • memory/3764-135-0x0000000005870000-0x0000000005882000-memory.dmp
        Filesize

        72KB

        Download
      • memory/3764-136-0x0000000005890000-0x000000000599A000-memory.dmp
        Filesize

        1.0MB

        Download
      • memory/3764-137-0x00000000059A0000-0x00000000059DC000-memory.dmp
        Filesize

        240KB

        Download
      • memory/3764-138-0x0000000006920000-0x0000000006996000-memory.dmp
        Filesize

        472KB

        Download
      • memory/3764-139-0x00000000069D0000-0x0000000006A62000-memory.dmp
        Filesize

        584KB

        Download
      • memory/3764-140-0x0000000006AF0000-0x0000000006B0E000-memory.dmp
        Filesize

        120KB

        Download
      • memory/3764-141-0x0000000006CF0000-0x0000000006D56000-memory.dmp
        Filesize

        408KB

        Download
      • memory/3764-142-0x0000000007320000-0x00000000074E2000-memory.dmp
        Filesize

        1.8MB

        Download
      • memory/3764-143-0x00000000074F0000-0x0000000007A1C000-memory.dmp
        Filesize

        5.2MB

        Download