416d47f1be7774def2125aa6a55663fee6bf8193c3b1230a01d7d004edec9b08

Analysis

max time kernel
112s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2022 05:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

416d47f1be7774def2125aa6a55663fee6bf8193c3b1230a01d7d004edec9b08.exe
Size

803KB
MD5

7c06f11980d1cdafac8575d426f6c850
SHA1

e3aadb4dc026db5ac53c59c9d7f3cfc3f3dc239e
SHA256

416d47f1be7774def2125aa6a55663fee6bf8193c3b1230a01d7d004edec9b08
SHA512

d898b38eb2bdafb0f2ebcbe1b44ccba5c23983ba4dc0e3831ae92180b052cda2fa1f3bca010c84446dae21bc9e48a9ebd5034aeb9fd1b1b58e2cfd077b04c3fa
SSDEEP

12288:1IzrgcJ0y9LeuTGwmxw/oCJ+iIT7dwsrHq30l9q3mxdgP1Or9dFfufddWwMC:1TydRTGwztaHrHbl9qvtELufdxMC

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1584 wrote to memory of 3188	1584	416d47f1be7774def2125aa6a55663fee6bf8193c3b1230a01d7d004edec9b08.exe	88
PID 1584 wrote to memory of 3188	1584	416d47f1be7774def2125aa6a55663fee6bf8193c3b1230a01d7d004edec9b08.exe	88
PID 1584 wrote to memory of 3188	1584	416d47f1be7774def2125aa6a55663fee6bf8193c3b1230a01d7d004edec9b08.exe	88

C:\Users\Admin\AppData\Local\Temp\416d47f1be7774def2125aa6a55663fee6bf8193c3b1230a01d7d004edec9b08.exe
"C:\Users\Admin\AppData\Local\Temp\416d47f1be7774def2125aa6a55663fee6bf8193c3b1230a01d7d004edec9b08.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1584
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\250.bat
  2⤵
  PID:3188

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\250.bat

Filesize
177B

MD5
62218cc5769964d407bc84f71641c13c

SHA1
88dcf6f3bf219366fbf259afe8bf286730d82b6b

SHA256
7398bbfa35721b77fa28318bec1bd8d194f9df68ac8cd616f75826032bc1f13f

SHA512
2a9147eaa2ee183f2dac559b28f2bdf2cfa3a7e4a572d65c9852628b07a135f19e0a531199da030a69a9ce388584d3d34bd6ea29c0c61145dadcf68b8e5eb452

Download Submit
C:\Users\Admin\AppData\Local\Temp\804225.exe

Filesize
803KB

MD5
7c06f11980d1cdafac8575d426f6c850

SHA1
e3aadb4dc026db5ac53c59c9d7f3cfc3f3dc239e

SHA256
416d47f1be7774def2125aa6a55663fee6bf8193c3b1230a01d7d004edec9b08

SHA512
d898b38eb2bdafb0f2ebcbe1b44ccba5c23983ba4dc0e3831ae92180b052cda2fa1f3bca010c84446dae21bc9e48a9ebd5034aeb9fd1b1b58e2cfd077b04c3fa

Download Submit
memory/1584-132-0x0000000004E50000-0x0000000004F95000-memory.dmp

Filesize
1.3MB

Download