Analysis
max time kernel: 178s
max time network: 183s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-10-2022 14:29
Static task: static1
Behavioral task: behavioral1
Sample: 64747cd911d20ca2b0702cbacdea86ee93d3448a6e4542b25df294d7c1c85cbe.exe
Resource: win7-20220812-en (windows7-x64)
3 signatures, 150 seconds
General
Target: 64747cd911d20ca2b0702cbacdea86ee93d3448a6e4542b25df294d7c1c85cbe.exe
Size: 52KB
MD5: 68ff8af728487f9988abc28f60171360
SHA1: 0da6334e03c7e7689c74c89c4bf4edee4b2d5291
SHA256: 64747cd911d20ca2b0702cbacdea86ee93d3448a6e4542b25df294d7c1c85cbe
SHA512: 41736913d0163e70a05d6a321d338d2e3205abf14f5f73a36b78686f4f80c1f71a8e8df243e7276933f1a9980ab7ab6521fdd8f9d1fb15230f2000623ceadecb
SSDEEP: 768:ujjYmM5rGqLABbveErTzr/Zahzie9lUZqf9whouE9hO7T:cjYmQeVEhjjfOhcDO7T
Malware Config
Extracted
Credentials
Protocol: ftp
Host: 185.28.20.94
Port: 21
Username: u318050805
Password: 1092387456ke
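The extracted config above is an FTP drop account, which means the stealer's exfiltration runs over a cleartext protocol. The following is an added example, not part of the sandbox report, showing how a network sensor would match captured FTP control-channel traffic against those values. The host, port and username are copied from the Malware Config section; the transcript and the uploaded file name in it are constructed for illustration, not captured from the sandbox run.

```python
"""Added example, not part of the sandbox report: check captured FTP
control-channel traffic against the exfiltration config the sandbox extracted.

Host, port and username are copied from the report's Malware Config section.
The transcript below is constructed for illustration, not a capture from the
sandbox run, and the uploaded file name in it is a placeholder.
"""
from dataclasses import dataclass, field
from typing import List, Optional

# Values from the report's extracted config (password deliberately omitted).
EXTRACTED_CONFIG = {
    "protocol": "ftp",
    "host": "185.28.20.94",
    "port": 21,
    "username": "u318050805",
}


@dataclass
class FtpSession:
    user: Optional[str] = None
    password: Optional[str] = None
    uploads: List[str] = field(default_factory=list)


def parse_ftp_control(stream: bytes) -> FtpSession:
    """Parse the client side of an FTP control channel.

    FTP authenticates in cleartext, so USER, PASS and every STOR/APPE upload
    are visible on the wire: the same visibility a sandbox uses to pull the
    config out of the sample is available to a network sensor at the egress.
    """
    session = FtpSession()
    for raw in stream.split(b"\r\n"):
        line = raw.decode("latin-1").strip()
        if not line:
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "USER":
            session.user = arg
        elif verb == "PASS":
            session.password = arg
        elif verb in ("STOR", "APPE"):
            session.uploads.append(arg)
    return session


def matches_config(dst_ip: str, dst_port: int, session: FtpSession) -> List[str]:
    """Return the reasons a flow matches the extracted exfil config (empty if none)."""
    reasons = []
    if dst_ip == EXTRACTED_CONFIG["host"] and dst_port == EXTRACTED_CONFIG["port"]:
        reasons.append("destination matches extracted C2 host:port")
    if session.user == EXTRACTED_CONFIG["username"]:
        reasons.append("FTP login uses the extracted username")
    if session.uploads:
        reasons.append("%d upload(s) seen on the control channel" % len(session.uploads))
    return reasons


def flag_flow(dst_ip: str, dst_port: int, stream: bytes) -> List[str]:
    """Convenience wrapper: parse the stream and score it in one call."""
    return matches_config(dst_ip, dst_port, parse_ftp_control(stream))


# Constructed transcript of what an infostealer's FTP exfil looks like on the wire.
SAMPLE_TRANSCRIPT = (
    b"USER u318050805\r\n"
    b"PASS ********\r\n"
    b"TYPE I\r\n"
    b"PASV\r\n"
    b"STOR DESKTOP-PC_passwords.txt\r\n"
    b"QUIT\r\n"
)

if __name__ == "__main__":
    for reason in flag_flow("185.28.20.94", 21, SAMPLE_TRANSCRIPT):
        print("ALERT:", reason)
```

The host:port pair is the cheapest control to deploy (an egress block or sinkhole), while the username match survives the operator moving the drop account to a new server. Because the channel is cleartext, the STOR argument also tells the responder what was taken without needing the sample.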
Signatures
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.
Suspicious behavior: EnumeratesProcesses (1 IoCs)
pid: 4752, process: 64747cd911d20ca2b0702cbacdea86ee93d3448a6e4542b25df294d7c1c85cbe.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Token: SeDebugPrivilege, pid: 4752, process: 64747cd911d20ca2b0702cbacdea86ee93d3448a6e4542b25df294d7c1c85cbe.exe
Processes
C:\Users\Admin\AppData\Local\Temp\64747cd911d20ca2b0702cbacdea86ee93d3448a6e4542b25df294d7c1c85cbe.exe
"C:\Users\Admin\AppData\Local\Temp\64747cd911d20ca2b0702cbacdea86ee93d3448a6e4542b25df294d7c1c85cbe.exe"
PID: 4752
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
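The three signatures above are individually weak (debuggers and process explorers take SeDebugPrivilege and enumerate processes all day); what makes them an infostealer verdict is their co-occurrence in one process together with the FTP egress implied by the extracted config. The following is an added example of that correlation, not the sandbox's own signature engine. The flat per-event dict schema is an assumption made for this illustration; the sample name, pid 4752 and the token come from the report, and every event in the list is constructed, not exported from the sandbox.

```python
"""Added example, not the sandbox's own signature engine: correlate the three
behaviours in the report (browser credential-store reads, process enumeration,
SeDebugPrivilege) per process, plus the FTP egress implied by the extracted
config, and produce a verdict.

The flat per-event dict schema is an assumption for this illustration; the
sample name, pid 4752 and the token are from the report. Every event below is
constructed, not exported from the sandbox.
"""
import ipaddress
import ntpath
from collections import defaultdict
from typing import Dict, List, Set

SAMPLE_EXE = "64747cd911d20ca2b0702cbacdea86ee93d3448a6e4542b25df294d7c1c85cbe.exe"

# Files where mainstream browsers keep saved logins and cookies. A process that
# is not the browser itself reading these is the classic infostealer tell.
BROWSER_CREDENTIAL_STORES = {
    "login data",      # Chromium family: saved passwords (SQLite)
    "cookies",         # Chromium family
    "web data",        # Chromium family: autofill and cards
    "logins.json",     # Firefox: saved logins
    "key4.db",         # Firefox: key store protecting logins.json
    "cookies.sqlite",  # Firefox
}
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}

SIG_BROWSER = "Reads user/profile data of web browsers"
SIG_ENUM = "Suspicious behavior: EnumeratesProcesses"
SIG_TOKEN = "Suspicious use of AdjustPrivilegeToken"
# Not one of the report's signatures; derived here from the extracted FTP config.
SIG_FTP = "Outbound FTP connection to a public host"

# Constructed events in the assumed schema.
EVENTS = [
    {"pid": 4752, "image": SAMPLE_EXE, "type": "privilege_adjust", "token": "SeDebugPrivilege"},
    {"pid": 4752, "image": SAMPLE_EXE, "type": "process_enum"},
    {"pid": 4752, "image": SAMPLE_EXE, "type": "file_read",
     "path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4752, "image": SAMPLE_EXE, "type": "file_read",
     "path": r"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json"},
    {"pid": 4752, "image": SAMPLE_EXE, "type": "connect", "dst": "185.28.20.94", "dport": 21},
    # Benign noise: the browser reading its own store, an admin tool taking SeDebugPrivilege.
    {"pid": 1200, "image": "chrome.exe", "type": "file_read",
     "path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 3300, "image": "procexp64.exe", "type": "privilege_adjust", "token": "SeDebugPrivilege"},
]


def signatures_by_pid(events: List[dict]) -> Dict[int, Set[str]]:
    """Map each pid to the set of signatures its events trigger."""
    hits: Dict[int, Set[str]] = defaultdict(set)
    for ev in events:
        pid, image, kind = ev["pid"], ev["image"].lower(), ev["type"]
        if kind == "file_read":
            # ntpath handles the Windows separators regardless of the analysis host OS.
            name = ntpath.basename(ev["path"]).lower()
            if name in BROWSER_CREDENTIAL_STORES and image not in BROWSER_IMAGES:
                hits[pid].add(SIG_BROWSER)
        elif kind == "process_enum":
            hits[pid].add(SIG_ENUM)
        elif kind == "privilege_adjust" and ev.get("token") == "SeDebugPrivilege":
            hits[pid].add(SIG_TOKEN)
        elif kind == "connect" and ev.get("dport") == 21 and ipaddress.ip_address(ev["dst"]).is_global:
            hits[pid].add(SIG_FTP)
    return dict(hits)


def infostealer_verdict(hits: Dict[int, Set[str]]) -> Dict[int, str]:
    """Confidence per pid. Browser-store access is the anchor; the other
    signatures are noisy on their own and only raise confidence alongside it."""
    verdict = {}
    for pid, sigs in hits.items():
        if SIG_BROWSER not in sigs:
            continue
        supporting = len(sigs - {SIG_BROWSER})
        if SIG_FTP in sigs and supporting >= 2:
            verdict[pid] = "high"
        elif supporting >= 1:
            verdict[pid] = "medium"
        else:
            verdict[pid] = "low"
    return verdict


if __name__ == "__main__":
    hits = signatures_by_pid(EVENTS)
    for pid, conf in infostealer_verdict(hits).items():
        print(pid, conf, sorted(hits[pid]))
```

Gating the verdict on the browser-store read keeps Process Explorer (pid 3300 above) out of the alert even though it takes the same SeDebugPrivilege the sample does; the browser's own reads (pid 1200) are excluded by image name, which is the place a real deployment would swap in a signer check.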