Analysis
-
max time kernel
91s -
max time network
130s -
platform
windows10-2004_x64 -
resource
win10v2004-20220721-en -
resource tags
-
submitted
03-08-2022 02:06
General
-
Target
dbf20dc429b1ae7162eae6fe859333e380c57f1681dac.exe
-
Size
443KB
-
MD5
99342a4b5ce806ef4ab2a6d89ba8e99e
-
SHA1
99ae91c56960c1149ecdc56b92f0c236c369c1f7
-
SHA256
dbf20dc429b1ae7162eae6fe859333e380c57f1681dac1b31f401b209e0e93fd
-
SHA512
d84cadb85d8deb204fcadb8dde53b68c255c0926f5d979792b8a9335874848c2ca25148f53d0b7a7ce5fcfca5fea8e118ad0090a76884112dc448b55532517f8
Score
7/10
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dbf20dc429b1ae7162eae6fe859333e380c57f1681dac.exe"C:\Users\Admin\AppData\Local\Temp\dbf20dc429b1ae7162eae6fe859333e380c57f1681dac.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/5004-130-0x0000000000559000-0x0000000000584000-memory.dmpFilesize
172KB
-
memory/5004-131-0x00000000021D0000-0x0000000002208000-memory.dmpFilesize
224KB
-
memory/5004-132-0x0000000000400000-0x000000000047D000-memory.dmpFilesize
500KB
-
memory/5004-133-0x0000000004C40000-0x00000000051E4000-memory.dmpFilesize
5.6MB
-
memory/5004-134-0x00000000051F0000-0x0000000005808000-memory.dmpFilesize
6.1MB
-
memory/5004-135-0x0000000005810000-0x0000000005822000-memory.dmpFilesize
72KB
-
memory/5004-136-0x0000000005830000-0x000000000593A000-memory.dmpFilesize
1.0MB
-
memory/5004-137-0x0000000005950000-0x000000000598C000-memory.dmpFilesize
240KB
-
memory/5004-138-0x00000000068C0000-0x0000000006952000-memory.dmpFilesize
584KB
-
memory/5004-139-0x0000000006970000-0x00000000069E6000-memory.dmpFilesize
472KB
-
memory/5004-140-0x0000000006BA0000-0x0000000006BBE000-memory.dmpFilesize
120KB
-
memory/5004-141-0x0000000006C50000-0x0000000006CB6000-memory.dmpFilesize
408KB
-
memory/5004-142-0x00000000073B0000-0x0000000007572000-memory.dmpFilesize
1.8MB
-
memory/5004-143-0x0000000007580000-0x0000000007AAC000-memory.dmpFilesize
5.2MB
-
memory/5004-144-0x0000000007AF0000-0x0000000007B40000-memory.dmpFilesize
320KB
-
memory/5004-145-0x0000000000559000-0x0000000000584000-memory.dmpFilesize
172KB
-
memory/5004-146-0x0000000000400000-0x000000000047D000-memory.dmpFilesize
500KB