Overview

overview

10

Static

static

a627d0e346...bc.exe

windows7-x64

10

a627d0e346...bc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    164s
  • max time network
    173s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220721-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06-08-2022 08:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a627d0e346fcbf98c5fa6853a9b91ebc.exe

  • Size

    414KB

  • MD5

    a627d0e346fcbf98c5fa6853a9b91ebc

  • SHA1

    3710195b1603236cd7e217bb39f62a85433af7bd

  • SHA256

    c0e52ade412fef542b58dc361fa58884c83d372d814f0eccf7431d6164c91ad1

  • SHA512

    48e05079bbf1ae6ff2cc33b22940d5ae8c7de11cac48b03ba1a40c151642a6d14746a4f7d143f16a0f82192b750c100165f837fc9c6a8b348174b765e42753c0

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a627d0e346fcbf98c5fa6853a9b91ebc.exe
    "C:\Users\Admin\AppData\Local\Temp\a627d0e346fcbf98c5fa6853a9b91ebc.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3044
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 2524
      2⤵
      • Program crash
      PID:1920
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3044 -ip 3044
    1⤵
      PID:4604

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Credentials in Files

    2
    T1081

    Discovery

    Query Registry

    1
    T1012

    Lateral Movement

    Collection

    Data from Local System

    2
    T1005

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3044-130-0x000000000052E000-0x0000000000558000-memory.dmp
      Filesize

      168KB

      Download
    • memory/3044-131-0x00000000021C0000-0x00000000021F8000-memory.dmp
      Filesize

      224KB

      Download
    • memory/3044-132-0x0000000000400000-0x0000000000484000-memory.dmp
      Filesize

      528KB

      Download
    • memory/3044-133-0x0000000004DF0000-0x0000000005394000-memory.dmp
      Filesize

      5.6MB

      Download
    • memory/3044-134-0x00000000053A0000-0x00000000059B8000-memory.dmp
      Filesize

      6.1MB

      Download
    • memory/3044-135-0x0000000004C40000-0x0000000004C52000-memory.dmp
      Filesize

      72KB

      Download
    • memory/3044-136-0x0000000004C60000-0x0000000004D6A000-memory.dmp
      Filesize

      1.0MB

      Download
    • memory/3044-137-0x0000000004D90000-0x0000000004DCC000-memory.dmp
      Filesize

      240KB

      Download
    • memory/3044-138-0x00000000068E0000-0x0000000006972000-memory.dmp
      Filesize

      584KB

      Download
    • memory/3044-139-0x0000000006990000-0x00000000069F6000-memory.dmp
      Filesize

      408KB

      Download
    • memory/3044-140-0x0000000006CF0000-0x0000000006D66000-memory.dmp
      Filesize

      472KB

      Download
    • memory/3044-141-0x0000000006DF0000-0x0000000006E0E000-memory.dmp
      Filesize

      120KB

      Download
    • memory/3044-142-0x0000000007130000-0x0000000007180000-memory.dmp
      Filesize

      320KB

      Download
    • memory/3044-143-0x0000000007380000-0x0000000007542000-memory.dmp
      Filesize

      1.8MB

      Download
    • memory/3044-144-0x0000000007550000-0x0000000007A7C000-memory.dmp
      Filesize

      5.2MB

      Download
    • memory/3044-145-0x000000000052E000-0x0000000000558000-memory.dmp
      Filesize

      168KB

      Download
    • memory/3044-146-0x0000000000400000-0x0000000000484000-memory.dmp
      Filesize

      528KB

      Download