Overview

overview

10

Static

static

d9e817bfed...0d.exe

windows7_x64

10

d9e817bfed...0d.exe

windows10-2004_x64

7

Analysis

  • max time kernel
    132s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    15-05-2022 14:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d9e817bfed5b63389936d9e61433b50d.exe

  • Size

    347KB

  • MD5

    d9e817bfed5b63389936d9e61433b50d

  • SHA1

    43153e495ea1ac4cebdfb011585afd8f722d21e9

  • SHA256

    21887d134ef45f8c4702d835a92111e905c94b4359b357f8ced432b80420d416

  • SHA512

    de59e992915ecea7d765114a610cdebb3c198d945abdf73dec486eddfb15f3f6456f5e23a73baabe91692929c03537c323d033bc4d411361c12338374ef61660

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d9e817bfed5b63389936d9e61433b50d.exe
    "C:\Users\Admin\AppData\Local\Temp\d9e817bfed5b63389936d9e61433b50d.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1636
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 1848
      2⤵
      • Program crash
      PID:1528
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1636 -ip 1636
    1⤵
      PID:3752
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
      1⤵
        PID:4388

      Network

      MITRE ATT&CK Matrix ATT&CK v6

      Initial Access

      Execution

      Persistence

      Privilege Escalation

      Defense Evasion

      Credential Access

      Credentials in Files

      2
      T1081

      Discovery

      Query Registry

      1
      T1012

      Lateral Movement

      Collection

      Data from Local System

      2
      T1005

      Exfiltration

      Command and Control

      Impact

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1636-130-0x0000000002C6D000-0x0000000002C97000-memory.dmp
        Filesize

        168KB

        Download
      • memory/1636-131-0x0000000004770000-0x00000000047A7000-memory.dmp
        Filesize

        220KB

        Download
      • memory/1636-132-0x0000000000400000-0x0000000002B73000-memory.dmp
        Filesize

        39.4MB

        Download
      • memory/1636-133-0x00000000074D0000-0x0000000007A74000-memory.dmp
        Filesize

        5.6MB

        Download
      • memory/1636-134-0x0000000007A80000-0x0000000008098000-memory.dmp
        Filesize

        6.1MB

        Download
      • memory/1636-135-0x0000000004D80000-0x0000000004D92000-memory.dmp
        Filesize

        72KB

        Download
      • memory/1636-136-0x00000000072D0000-0x00000000073DA000-memory.dmp
        Filesize

        1.0MB

        Download
      • memory/1636-137-0x0000000004EC0000-0x0000000004EFC000-memory.dmp
        Filesize

        240KB

        Download
      • memory/1636-138-0x0000000008E70000-0x0000000008ED6000-memory.dmp
        Filesize

        408KB

        Download
      • memory/1636-139-0x00000000091C0000-0x0000000009236000-memory.dmp
        Filesize

        472KB

        Download
      • memory/1636-140-0x0000000009280000-0x0000000009312000-memory.dmp
        Filesize

        584KB

        Download
      • memory/1636-141-0x00000000094B0000-0x00000000094CE000-memory.dmp
        Filesize

        120KB

        Download
      • memory/1636-142-0x0000000009560000-0x0000000009722000-memory.dmp
        Filesize

        1.8MB

        Download
      • memory/1636-143-0x0000000009730000-0x0000000009C5C000-memory.dmp
        Filesize

        5.2MB

        Download