Analysis
-
max time kernel
71s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
14-06-2022 19:38
General
-
Target
2d5d571c786c7a6d5c297e3c5ee6e7d7f00ac3451954834336a9b1bcaef8b1f7.exe
-
Size
1.4MB
-
MD5
69909e44ed7ac944e7511ea85f1ecd95
-
SHA1
55db4bc03dd1e3d103158ebd5b3f7c32c87e5052
-
SHA256
2d5d571c786c7a6d5c297e3c5ee6e7d7f00ac3451954834336a9b1bcaef8b1f7
-
SHA512
5927bde2aed44644bb5c8d4fb5b5c48df705187a6a85538abf2d5bdc468c6d3c1bb95eb744dccc673dc3561981fd6ac7fec3971064f4fe391940338da69f5ebd
Score
10/10
Malware Config
Signatures
-
Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Kills process with taskkill 1 IoCs
-
Modifies system certificate store 2 TTPs 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 35 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2d5d571c786c7a6d5c297e3c5ee6e7d7f00ac3451954834336a9b1bcaef8b1f7.exe"C:\Users\Admin\AppData\Local\Temp\2d5d571c786c7a6d5c297e3c5ee6e7d7f00ac3451954834336a9b1bcaef8b1f7.exe"1⤵
- Modifies system certificate store
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd.exe /c taskkill /f /im chrome.exe2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im chrome.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1816-131-0x0000000000000000-mapping.dmp
-
memory/4752-130-0x0000000000000000-mapping.dmp