Analysis

  • max time kernel
    178s
  • max time network
    183s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20220812-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    03-10-2022 14:29

General

  • Target

    64747cd911d20ca2b0702cbacdea86ee93d3448a6e4542b25df294d7c1c85cbe.exe

  • Size

    52KB

  • MD5

    68ff8af728487f9988abc28f60171360

  • SHA1

    0da6334e03c7e7689c74c89c4bf4edee4b2d5291

  • SHA256

    64747cd911d20ca2b0702cbacdea86ee93d3448a6e4542b25df294d7c1c85cbe

  • SHA512

    41736913d0163e70a05d6a321d338d2e3205abf14f5f73a36b78686f4f80c1f71a8e8df243e7276933f1a9980ab7ab6521fdd8f9d1fb15230f2000623ceadecb

  • SSDEEP

    768:ujjYmM5rGqLABbveErTzr/Zahzie9lUZqf9whouE9hO7T:cjYmQeVEhjjfOhcDO7T

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    185.28.20.94
  • Port:
    21
  • Username:
    u318050805
  • Password:
    1092387456ke

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\64747cd911d20ca2b0702cbacdea86ee93d3448a6e4542b25df294d7c1c85cbe.exe
    "C:\Users\Admin\AppData\Local\Temp\64747cd911d20ca2b0702cbacdea86ee93d3448a6e4542b25df294d7c1c85cbe.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4752

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/4752-132-0x0000000074A00000-0x0000000074FB1000-memory.dmp

    Filesize

    5.7MB

  • memory/4752-133-0x0000000074A00000-0x0000000074FB1000-memory.dmp

    Filesize

    5.7MB

  • memory/4752-134-0x0000000074A00000-0x0000000074FB1000-memory.dmp

    Filesize

    5.7MB