bb0a259b822ca2f1073deeb71782852f474ce21d8fac466907949d9e4b580bd6

Analysis

max time kernel
116s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220721-en
resource tags

arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
submitted
06-08-2022 06:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bb0a259b822ca2f1073deeb71782852f474ce21d8fac466907949d9e4b580bd6.exe
Size

76KB
MD5

50484efa94fe7d4bd1a41cdf7295eb6a
SHA1

082f3a188d2881ac18c5a90b76ea74eea4bbe6df
SHA256

bb0a259b822ca2f1073deeb71782852f474ce21d8fac466907949d9e4b580bd6
SHA512

0790aff27479c797cd596f543c670d48d2b7e6270ad7570c51cc007860a4ea94033b578f6824b5738e57f62df0420f7d2f41ef677cfdb7ae22b884d9742d85e0

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

bb0a259b822ca2f1073deeb71782852f474ce21d8fac466907949d9e4b580bd6.exe

pid process

4724 bb0a259b822ca2f1073deeb71782852f474ce21d8fac466907949d9e4b580bd6.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

bb0a259b822ca2f1073deeb71782852f474ce21d8fac466907949d9e4b580bd6.exe

description pid process

Token: SeDebugPrivilege 4724 bb0a259b822ca2f1073deeb71782852f474ce21d8fac466907949d9e4b580bd6.exe

pid	process
4724	bb0a259b822ca2f1073deeb71782852f474ce21d8fac466907949d9e4b580bd6.exe

description	pid	process
Token: SeDebugPrivilege	4724	bb0a259b822ca2f1073deeb71782852f474ce21d8fac466907949d9e4b580bd6.exe

C:\Users\Admin\AppData\Local\Temp\bb0a259b822ca2f1073deeb71782852f474ce21d8fac466907949d9e4b580bd6.exe
"C:\Users\Admin\AppData\Local\Temp\bb0a259b822ca2f1073deeb71782852f474ce21d8fac466907949d9e4b580bd6.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4724

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4724-130-0x000001229D5C0000-0x000001229D5D1000-memory.dmp

Filesize
68KB

Download
memory/4724-131-0x00007FFFA4490000-0x00007FFFA4F51000-memory.dmp

Filesize
10.8MB

Download
memory/4724-132-0x00007FFFA4490000-0x00007FFFA4F51000-memory.dmp

Filesize
10.8MB

Download