269fb57ab04f2dbb6dd581ed952fcf9d04d7f51e6da4ec5becd50d9ea962897d

Analysis

max time kernel
84s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
24-08-2022 17:35

Target

949249312.exe
Size

7.2MB
MD5

ce45869a4141e98397c694a3e114c64d
SHA1

af6a203de949cbaabe4dafbe4478638946fb84fc
SHA256

269fb57ab04f2dbb6dd581ed952fcf9d04d7f51e6da4ec5becd50d9ea962897d
SHA512

88ae84a4157caef33863d2fee34b0cf4933955e488221385ff757010473d71bc5a1ef07862b664a4d641214d9ff189f266cc581697eea7ee1d4d997fbb0e1c93
SSDEEP

49152:6fbF+F3plgWrb/TwvO90dL3BmAFd4A64nsfJ1WQepVT8CPIpyy+Y/zmZnHz1iDz5:6fotWfpp0JzcCKvxQunEFbVepK3dx

Score

7^/10

spyware stealer

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Temp\C:\Users\Admin\AppData\Local\Temp\949249312.exe.lock	949249312.exe

C:\Users\Admin\AppData\Local\Temp\949249312.exe
"C:\Users\Admin\AppData\Local\Temp\949249312.exe"
1⤵
- NTFS ADS
PID:4476

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact