Overview

overview

10

Static

static

10

70236db972...b2.exe

windows7_x64

10

70236db972...b2.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    166s
  • max time network
    170s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    20-05-2022 22:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    70236db972081f891c2f239e67e7924bae492ddc5fe5073c838eab0a730413b2.exe

  • Size

    92KB

  • MD5

    afd0fd73b658168e31480fa3f0fef267

  • SHA1

    a2579217dd963ac5a5d474bac08085c632124cfe

  • SHA256

    70236db972081f891c2f239e67e7924bae492ddc5fe5073c838eab0a730413b2

  • SHA512

    d773200722ce9f3cd2fa15dfca5d18368b3df6d2cb70a62e8d4f251a1228b253fdf2ecaeb457c1a7192e328686ee385c55246ebc48fed68231c518602c689c4a

Score
10/10
poullightspywarestealertrojan

Malware Config

Signatures

  • Poullight

    Poullight is an information stealer first seen in March 2020.

    trojanstealerpoullight
  • Poullight Stealer Payload 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\70236db972081f891c2f239e67e7924bae492ddc5fe5073c838eab0a730413b2.exe
    "C:\Users\Admin\AppData\Local\Temp\70236db972081f891c2f239e67e7924bae492ddc5fe5073c838eab0a730413b2.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2832

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2832-130-0x000001CB0B2F0000-0x000001CB0B30E000-memory.dmp
    Filesize

    120KB

    Download
  • memory/2832-131-0x00007FF8BEA80000-0x00007FF8BF541000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/2832-132-0x000001CB0CEA0000-0x000001CB0CEAA000-memory.dmp
    Filesize

    40KB

    Download
  • memory/2832-133-0x000001CB277B0000-0x000001CB27972000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/2832-134-0x000001CB27EB0000-0x000001CB283D8000-memory.dmp
    Filesize

    5.2MB

    Download
  • memory/2832-135-0x000001CB266D0000-0x000001CB266E2000-memory.dmp
    Filesize

    72KB

    Download