Analysis

  • max time kernel
    154s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/10/2022, 22:34

General

  • Target

    902fae0bbc69f3ce9980bcc072d7947a45d29a7560b2a6d989d48a853ffa472f.exe

  • Size

    1.3MB

  • MD5

    2b60b8fb5912027b56b3339b3cf30080

  • SHA1

    46dc75b68bd6505b4c2d72c49e4366253c54fd83

  • SHA256

    902fae0bbc69f3ce9980bcc072d7947a45d29a7560b2a6d989d48a853ffa472f

  • SHA512

    30e844dca3765317545a2a3c4302b8c0fe0b7246b9d66e96024f81102b816a0d56cfb0ed27877e953118f5bd98bd4f61fdc6a5a54eddefb5cd53b17c332eac2f

  • SSDEEP

    24576:1t5RmGttOsaiSRqVBLKGs7Ky9EAZI6lK1FpHTBKVGJGayqA:HmeanmKFKy9ECsJTBKVGJGanA

Score
7/10

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\902fae0bbc69f3ce9980bcc072d7947a45d29a7560b2a6d989d48a853ffa472f.exe
    "C:\Users\Admin\AppData\Local\Temp\902fae0bbc69f3ce9980bcc072d7947a45d29a7560b2a6d989d48a853ffa472f.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4876

Network

MITRE ATT&CK Enterprise v6
