Overview

overview

10

Static

static

387554209a...67.exe

windows7_x64

10

387554209a...67.exe

windows10-2004_x64

7

Analysis

  • max time kernel
    99s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    21-05-2022 16:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    387554209a150c0c6b7e21cfcb66d767.exe

  • Size

    356KB

  • MD5

    387554209a150c0c6b7e21cfcb66d767

  • SHA1

    b68c9aad00c0544bd927865b60751430c607623b

  • SHA256

    b49caf872949f71549111d28d0a3abb8567643931b0e8d82eb500711efac308f

  • SHA512

    8fb72a22f8485d7b6147e3819cd51dbf9a9c997b5d30ed5d3f7fb27160496149caad6b923882007f56070ce700eb0cc791b6265c6a5cee661dd946d0ba05654d

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\387554209a150c0c6b7e21cfcb66d767.exe
    "C:\Users\Admin\AppData\Local\Temp\387554209a150c0c6b7e21cfcb66d767.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2532
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 1156
      2⤵
      • Program crash
      PID:1528
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2532 -ip 2532
    1⤵
      PID:4216

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Credentials in Files

    2
    T1081

    Discovery

    Query Registry

    1
    T1012

    Lateral Movement

    Collection

    Data from Local System

    2
    T1005

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2532-130-0x0000000002D7D000-0x0000000002DA9000-memory.dmp
      Filesize

      176KB

      Download
    • memory/2532-131-0x0000000002D10000-0x0000000002D4A000-memory.dmp
      Filesize

      232KB

      Download
    • memory/2532-132-0x0000000007490000-0x0000000007A34000-memory.dmp
      Filesize

      5.6MB

      Download
    • memory/2532-133-0x0000000000400000-0x0000000002B75000-memory.dmp
      Filesize

      39.5MB

      Download
    • memory/2532-134-0x0000000007FD0000-0x00000000085E8000-memory.dmp
      Filesize

      6.1MB

      Download
    • memory/2532-135-0x0000000009F10000-0x0000000009F22000-memory.dmp
      Filesize

      72KB

      Download
    • memory/2532-136-0x0000000009F50000-0x000000000A05A000-memory.dmp
      Filesize

      1.0MB

      Download
    • memory/2532-137-0x000000000A080000-0x000000000A0BC000-memory.dmp
      Filesize

      240KB

      Download
    • memory/2532-138-0x000000000AC70000-0x000000000AD02000-memory.dmp
      Filesize

      584KB

      Download
    • memory/2532-139-0x000000000AD10000-0x000000000AD76000-memory.dmp
      Filesize

      408KB

      Download
    • memory/2532-140-0x000000000B000000-0x000000000B076000-memory.dmp
      Filesize

      472KB

      Download
    • memory/2532-141-0x000000000B200000-0x000000000B21E000-memory.dmp
      Filesize

      120KB

      Download
    • memory/2532-142-0x000000000B700000-0x000000000B8C2000-memory.dmp
      Filesize

      1.8MB

      Download
    • memory/2532-143-0x000000000B8D0000-0x000000000BDFC000-memory.dmp
      Filesize

      5.2MB

      Download
    • memory/2532-144-0x000000000C740000-0x000000000C790000-memory.dmp
      Filesize

      320KB

      Download