Analysis

  • max time kernel
    130s
  • max time network
    170s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    03-06-2022 23:51

General

  • Target

    11d0eae323a754b6904feed1b88b0e170b7887385218bb7d8eafad68c794dab9.exe

  • Size

    220KB

  • MD5

    70a7c04e563624c30971d8d5ee19f72e

  • SHA1

    d8dd38dcb1efa7922329568fc41cae8915bad17d

  • SHA256

    11d0eae323a754b6904feed1b88b0e170b7887385218bb7d8eafad68c794dab9

  • SHA512

    fd16e46561ecbf4abc563915ea594c53413002eff259aa6b403194aa9f21cb460ad5bad2643b6010420cc333f6f59ef1baa63056334bf3c31e858685f0c9bd4d

Score
7/10

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Suspicious use of WriteProcessMemory 9 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\11d0eae323a754b6904feed1b88b0e170b7887385218bb7d8eafad68c794dab9.exe
    "C:\Users\Admin\AppData\Local\Temp\11d0eae323a754b6904feed1b88b0e170b7887385218bb7d8eafad68c794dab9.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1440
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\MICROS~1\Office\C3D2TM~1.BAT
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3488
      • C:\Windows\SysWOW64\attrib.exe
        attrib -R -S -H "C:\Users\Admin\AppData\Local\Temp\11d0eae323a754b6904feed1b88b0e170b7887385218bb7d8eafad68c794dab9.exe"
        3⤵
        • Views/modifies file attributes
        PID:4808
      • C:\Windows\SysWOW64\attrib.exe
        attrib -R -S -H "C:\Users\Admin\AppData\Roaming\Microsoft\Office\C3D2.tmp.bat"
        3⤵
        • Views/modifies file attributes
        PID:4740

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence
    Hidden Files and Directories (T1158): 1
  • Defense Evasion
    Hidden Files and Directories (T1158): 1
  • Credential Access
    Credentials in Files (T1081): 1
  • Collection
    Data from Local System (T1005): 1

Downloads

  • C:\Users\Admin\AppData\Roaming\MICROS~1\Office\C3D2.tmp.bat
    Filesize

    534B

    MD5

    f6e2a1af8bbed2a3a3b62552949422fa

    SHA1

    6ca4026ed679b89f7d970592f39688c01789531b

    SHA256

    0407a374c2b598143b95a352602e2066967512384f5b795b89af590714d57b09

    SHA512

    6330e136db53280248f6847680dc791f6a48411012831b60a9b6a62c850f2a474329119fd383e841a0c8b6dc3f591ca045dbc478e270fef3390972580fe87e1d

  • memory/1440-130-0x0000000000400000-0x0000000000438000-memory.dmp
    Filesize

    224KB

  • memory/1440-132-0x0000000000400000-0x0000000000438000-memory.dmp
    Filesize

    224KB

  • memory/3488-131-0x0000000000000000-mapping.dmp
  • memory/4740-135-0x0000000000000000-mapping.dmp
  • memory/4808-134-0x0000000000000000-mapping.dmp