Overview

overview

7

Static

static

7182663ccd...57.exe

windows7-x64

7

7182663ccd...57.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    24s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    03/10/2022, 12:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7182663ccd62e6465a626a56e53298eb20ad24a511e34d4a50f93c630430c257.exe

  • Size

    36KB

  • MD5

    600abef3a90c9f63894f970e4b8fd2e0

  • SHA1

    acd9e5d7a6611d0ce6275034712b28b9d60ab7f1

  • SHA256

    7182663ccd62e6465a626a56e53298eb20ad24a511e34d4a50f93c630430c257

  • SHA512

    6e1caeb749dc5e3824647204aa03dcb62cba21ad766380c94d6a0476ddea4699780b59ddc2e66df552172d01e5ce3a6508c435f350614544f91a4d9953ae897c

  • SSDEEP

    768:G3fVHcf10bma38erbAl3n4XjnGg8XjcH:GPdW1gma3zr84TX8XIH

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7182663ccd62e6465a626a56e53298eb20ad24a511e34d4a50f93c630430c257.exe
    "C:\Users\Admin\AppData\Local\Temp\7182663ccd62e6465a626a56e53298eb20ad24a511e34d4a50f93c630430c257.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1808
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 400
      2⤵
      • Program crash
      PID:1336

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1808-54-0x00000000751A1000-0x00000000751A3000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1808-55-0x0000000000330000-0x0000000000334000-memory.dmp

          Filesize

          16KB

          Download

        • memory/1808-56-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download

        • memory/1808-58-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download