Analysis
-
max time kernel
150s -
max time network
160s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
20-05-2022 22:30
Static task
static1
Behavioral task
behavioral1
Sample
70236db972081f891c2f239e67e7924bae492ddc5fe5073c838eab0a730413b2.exe
Resource
win7-20220414-en
0 signatures
0 seconds
General
-
Target
70236db972081f891c2f239e67e7924bae492ddc5fe5073c838eab0a730413b2.exe
-
Size
92KB
-
MD5
afd0fd73b658168e31480fa3f0fef267
-
SHA1
a2579217dd963ac5a5d474bac08085c632124cfe
-
SHA256
70236db972081f891c2f239e67e7924bae492ddc5fe5073c838eab0a730413b2
-
SHA512
d773200722ce9f3cd2fa15dfca5d18368b3df6d2cb70a62e8d4f251a1228b253fdf2ecaeb457c1a7192e328686ee385c55246ebc48fed68231c518602c689c4a
Malware Config
Signatures
-
Poullight Stealer Payload 1 IoCs
Processes:
resource yara_rule behavioral1/memory/1872-54-0x0000000001000000-0x000000000101E000-memory.dmp family_poullight -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
70236db972081f891c2f239e67e7924bae492ddc5fe5073c838eab0a730413b2.exepid process 1872 70236db972081f891c2f239e67e7924bae492ddc5fe5073c838eab0a730413b2.exe 1872 70236db972081f891c2f239e67e7924bae492ddc5fe5073c838eab0a730413b2.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
70236db972081f891c2f239e67e7924bae492ddc5fe5073c838eab0a730413b2.exedescription pid process Token: SeDebugPrivilege 1872 70236db972081f891c2f239e67e7924bae492ddc5fe5073c838eab0a730413b2.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\70236db972081f891c2f239e67e7924bae492ddc5fe5073c838eab0a730413b2.exe"C:\Users\Admin\AppData\Local\Temp\70236db972081f891c2f239e67e7924bae492ddc5fe5073c838eab0a730413b2.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1872-54-0x0000000001000000-0x000000000101E000-memory.dmpFilesize
120KB