Analysis
-
max time kernel
171s -
max time network
195s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
03-06-2022 01:22
General
-
Target
144f8c182177eead9b05dac7efdeda5fb423b1bb0e7ec211bb8623d072929c05.exe
-
Size
321KB
-
MD5
eb633b7b53815cbe4c12d061063e76ce
-
SHA1
d13b6282807fa2518c483029b9b981a51627e3cc
-
SHA256
144f8c182177eead9b05dac7efdeda5fb423b1bb0e7ec211bb8623d072929c05
-
SHA512
64cec8e01d66752947a5ecdcde8091a9401d280c0a30a1cb18ef8608cd19a6db67d3fca793e568a68f23bbc5485a6aafa8028608f7e509d51857055d50aacfdf
Score
7/10
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses 2FA software files, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\144f8c182177eead9b05dac7efdeda5fb423b1bb0e7ec211bb8623d072929c05.exe"C:\Users\Admin\AppData\Local\Temp\144f8c182177eead9b05dac7efdeda5fb423b1bb0e7ec211bb8623d072929c05.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger