Overview

overview

10

Static

static

WH.exe

windows7-x64

10

WH.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    59s
  • max time network
    56s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    22-08-2022 03:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WH.exe

  • Size

    273KB

  • MD5

    4a15c27773db7b3ac91a2be1de895173

  • SHA1

    625bde1fd654a29fe75bdbd9a49b438e084e927f

  • SHA256

    f7e074da1593f80a7c94216e70de0f6c3f68cddfa8a61f6e5680e7ce587f50fe

  • SHA512

    f08cb5a2f3c802bd3652e86dfe992df67eea393f989d3ac3f0a2bf0b1d08111bc1cec50eff0e980227697bae608929ff0d39ca92cc2d9ebe7d6f3bc5ba47d8d8

Score
10/10
44caliberspywarestealer

Malware Config

Signatures

  • 44Caliber

    An open source infostealer written in C#.

    stealer44caliber
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WH.exe
    "C:\Users\Admin\AppData\Local\Temp\WH.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:988

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/988-54-0x0000000000CF0000-0x0000000000D3A000-memory.dmp

    Filesize

    296KB

    Download