Analysis
-
max time kernel
116s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20220721-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20220721-en locale:en-us os:windows10-2004-x64 system -
submitted
06-08-2022 06:16
Static task
static1
General
-
Target
bb0a259b822ca2f1073deeb71782852f474ce21d8fac466907949d9e4b580bd6.exe
-
Size
76KB
-
MD5
50484efa94fe7d4bd1a41cdf7295eb6a
-
SHA1
082f3a188d2881ac18c5a90b76ea74eea4bbe6df
-
SHA256
bb0a259b822ca2f1073deeb71782852f474ce21d8fac466907949d9e4b580bd6
-
SHA512
0790aff27479c797cd596f543c670d48d2b7e6270ad7570c51cc007860a4ea94033b578f6824b5738e57f62df0420f7d2f41ef677cfdb7ae22b884d9742d85e0
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials, cookies, and autofill data.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
bb0a259b822ca2f1073deeb71782852f474ce21d8fac466907949d9e4b580bd6.exe
pid: 4724
process: bb0a259b822ca2f1073deeb71782852f474ce21d8fac466907949d9e4b580bd6.exe
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
bb0a259b822ca2f1073deeb71782852f474ce21d8fac466907949d9e4b580bd6.exe
description: Token: SeDebugPrivilege
pid: 4724
process: bb0a259b822ca2f1073deeb71782852f474ce21d8fac466907949d9e4b580bd6.exe
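The two behavioural signatures above (process enumeration plus enabling SeDebugPrivilege from an executable dropped in the user's Temp folder) are also visible outside a sandbox, in Windows Security auditing: event 4688 records process creation and event 4703 records a token right being adjusted. The following detector is an added example written for this page, not part of the Triage report or its signature engine. It runs over a constructed, simplified set of 4688/4703 records (dictionary field names mirror the event-log fields but are assumptions; only the sample path and pid 4724 are taken from the report) and flags any process running from a user-writable directory that enables SeDebugPrivilege.

```python
"""Added detection example: correlate Security 4688 (process creation) with
4703 (token right adjusted) and flag SeDebugPrivilege enabled by a process
whose image lives in a user-writable directory. Not part of the sandbox report.
"""
import re
from typing import Dict, List, Tuple

# Directories from which legitimate software rarely needs a debug privilege.
# The report's sample ran from C:\Users\Admin\AppData\Local\Temp, which this
# pattern covers; matching is case-insensitive like NTFS paths.
SUSPICIOUS_DIRS = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\"
    r"|^[a-z]:\\windows\\temp\\"
    r"|^[a-z]:\\users\\public\\",
    re.IGNORECASE,
)

SAMPLE_IMAGE = (
    r"C:\Users\Admin\AppData\Local\Temp"
    r"\bb0a259b822ca2f1073deeb71782852f474ce21d8fac466907949d9e4b580bd6.exe"
)

# Constructed events (assumption: simplified field names). Process ids are
# written as hex strings because that is how the Security log renders them;
# 0x1274 is pid 4724 from the report. svchost.exe is included as a benign
# SeDebugPrivilege user that must NOT be flagged, and x.exe as a Temp-resident
# process that enables an unrelated privilege.
SAMPLE_EVENTS: List[Dict] = [
    {"EventID": 4688, "NewProcessId": "0x1274", "NewProcessName": SAMPLE_IMAGE},
    {"EventID": 4703, "ProcessId": "0x1274", "ProcessName": SAMPLE_IMAGE,
     "EnabledPrivilegeList": "SeDebugPrivilege"},
    {"EventID": 4688, "NewProcessId": "0x4d2",
     "NewProcessName": r"C:\Windows\System32\svchost.exe"},
    {"EventID": 4703, "ProcessId": "0x4d2",
     "ProcessName": r"C:\Windows\System32\svchost.exe",
     "EnabledPrivilegeList": "SeDebugPrivilege\n\t\t\tSeImpersonatePrivilege"},
    {"EventID": 4703, "ProcessId": "0x8ae",
     "ProcessName": r"C:\Users\Admin\AppData\Local\Temp\x.exe",
     "EnabledPrivilegeList": "SeChangeNotifyPrivilege"},
]


def _pid(value) -> int:
    """Normalise a process id: accept an int, a hex string ('0x1274') or a
    decimal string ('4724'). Base 0 lets int() pick the radix from the prefix."""
    return value if isinstance(value, int) else int(str(value), 0)


def _privileges(raw: str) -> set:
    """4703 lists privileges separated by newlines and tabs; split on any of them."""
    return {p.strip() for p in re.split(r"[\s,]+", raw or "") if p.strip()}


def find_debug_privilege_from_temp(events: List[Dict]) -> List[Tuple[int, str]]:
    """Return (pid, image) for every 4703 that enables SeDebugPrivilege in a
    process whose image path sits in a user-writable directory.

    The image path is taken from the matching 4688 when one exists (pids are
    correlated within the same event batch; pid reuse across a long window is a
    known false-match risk), otherwise from the 4703's own ProcessName field."""
    image_by_pid: Dict[int, str] = {}
    for ev in events:
        if ev.get("EventID") == 4688:
            image_by_pid[_pid(ev["NewProcessId"])] = ev["NewProcessName"]

    hits: List[Tuple[int, str]] = []
    for ev in events:
        if ev.get("EventID") != 4703:
            continue
        if "SeDebugPrivilege" not in _privileges(ev.get("EnabledPrivilegeList", "")):
            continue
        pid = _pid(ev["ProcessId"])
        image = image_by_pid.get(pid, ev.get("ProcessName", ""))
        if SUSPICIOUS_DIRS.search(image):
            hits.append((pid, image))
    return hits


if __name__ == "__main__":
    for pid, image in find_debug_privilege_from_temp(SAMPLE_EVENTS):
        print(f"ALERT pid {pid} enabled SeDebugPrivilege from {image}")
```

Two caveats for anyone adapting this: event 4703 is only written when the "Audit Token Right Adjusted" subcategory is enabled, and on current Windows builds it is extremely noisy because service hosts adjust privileges constantly, which is why the rule keys on the image directory rather than on SeDebugPrivilege alone. The process-enumeration behaviour from the report has no native Security-log equivalent; it is observed by the sandbox's API hooking, so on an endpoint it would come from EDR telemetry instead.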
Processes
-
C:\Users\Admin\AppData\Local\Temp\bb0a259b822ca2f1073deeb71782852f474ce21d8fac466907949d9e4b580bd6.exe
"C:\Users\Admin\AppData\Local\Temp\bb0a259b822ca2f1073deeb71782852f474ce21d8fac466907949d9e4b580bd6.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken