Analysis

  • max time kernel
    36s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    24-05-2022 14:40

General

  • Target

    d67160c55ef2a362bb4d2d6a4b625ba9e70faba676b2f0e8c6fb67bf3c69c8db.exe

  • Size

    1.1MB

  • MD5

    ac3c74a419d6c61c9f18aec6da2e7000

  • SHA1

    2a3f031f0922cd78d3796b680f3112e36ac7da6c

  • SHA256

    d67160c55ef2a362bb4d2d6a4b625ba9e70faba676b2f0e8c6fb67bf3c69c8db

  • SHA512

    54b7cac2bfbef5a6f7ba01e7d9b3754d8adcc1a3ff99a121e5848ebcab7601863c0f7e2f5b97d1493f0808c576ebcab205ae8dd1539acb98c43e2e0d3c04a08e

Malware Config

Signatures

  • Poullight

    Poullight is an information stealer first seen in March 2020.

  • Poullight Stealer Payload 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d67160c55ef2a362bb4d2d6a4b625ba9e70faba676b2f0e8c6fb67bf3c69c8db.exe
    "C:\Users\Admin\AppData\Local\Temp\d67160c55ef2a362bb4d2d6a4b625ba9e70faba676b2f0e8c6fb67bf3c69c8db.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1004
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 1484
      2⤵
      • Program crash
      PID:684

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/684-56-0x0000000000000000-mapping.dmp
  • memory/1004-54-0x0000000075AE1000-0x0000000075AE3000-memory.dmp
    Filesize

    8KB

  • memory/1004-55-0x0000000000A30000-0x0000000000DB4000-memory.dmp
    Filesize

    3.5MB