Analysis
max time kernel: 152s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 21-05-2022 11:20
Static task: static1
Behavioral task: behavioral1
Sample: Документы 29.07.2019.exe
Resource: win7-20220414-en
0 signatures
0 seconds
General
Target: Документы 29.07.2019.exe
Size: 196KB
MD5: f2403ac020b62308e185b8aabc9006ae
SHA1: bfcfc605155649aa6458f64017b9305888a8264f
SHA256: bf5d3d55d30106e2d6c520eb7d43727f98c7e438257650908e7434ed99c590bb
SHA512: 392db48c2c418533ab2989e38a1c9f0b3b9a7898c9f29f014dd2120eedaa6f21259ff96615fc4d246e76ed315d514a7e59c1d5385dea59a58889b25b7511396d
Malware Config
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: Документы 29.07.2019.exe
  description | pid | process | target process
  PID 3336 wrote to memory of 904 | 3336 | Документы 29.07.2019.exe | Документы 29.07.2019.exe
  PID 3336 wrote to memory of 904 | 3336 | Документы 29.07.2019.exe | Документы 29.07.2019.exe
  PID 3336 wrote to memory of 904 | 3336 | Документы 29.07.2019.exe | Документы 29.07.2019.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\Документы 29.07.2019.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\Документы 29.07.2019.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\Документы 29.07.2019.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\Документы 29.07.2019.exe" dfsr