Analysis
-
max time kernel
104s -
max time network
183s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
20-05-2022 14:00
General
-
Target
Tovar na vozvrat za etot mesyac.exe
-
Size
1.1MB
-
MD5
b70279fc1c857dc76a50f77a46460657
-
SHA1
fbcabd564c13287b0a0d42026c77006f0c6e7983
-
SHA256
eda6bc27798b7230d63cae9225c466b67b05e788b315e4dc443c43cf1baabfca
-
SHA512
424726d9175411466cb5fb0d99ecb843fb9609506b88e708c13717d5b47921485c370324b08f3f5379b6e7b2266ae30e45f49a6030ad2409446ec971ddbd761f
Score
7/10
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Tovar na vozvrat za etot mesyac.exe"C:\Users\Admin\AppData\Local\Temp\Tovar na vozvrat za etot mesyac.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Tovar na vozvrat za etot mesyac.exe"C:\Users\Admin\AppData\Local\Temp\Tovar na vozvrat za etot mesyac.exe" dfsr2⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/988-130-0x0000000002270000-0x000000000227E000-memory.dmpFilesize
56KB
-
memory/988-132-0x0000000000400000-0x0000000000522000-memory.dmpFilesize
1.1MB
-
memory/3324-131-0x0000000000000000-mapping.dmp
-
memory/3324-133-0x0000000000400000-0x0000000000522000-memory.dmpFilesize
1.1MB