Analysis

  • max time kernel
    36s
  • max time network
    43s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/10/2022, 04:03

General

  • Target

    d99876b6dfbdc1f7ff30f3e59dad2e21eb9f47283ad66414a7da80a6ceeef981.exe

  • Size

    7.5MB

  • MD5

    f7ce15fafb461392f0b3041b3948cdc7

  • SHA1

    49d7256311465a15b195c74640c94ba1cfdb0938

  • SHA256

    d99876b6dfbdc1f7ff30f3e59dad2e21eb9f47283ad66414a7da80a6ceeef981

  • SHA512

    4ce76f83859be9c72921f26f1a9d2a632328feb5b732c171923363d2a6effc4c4a81073da7b47f105c8dafe8da6ce2b06d2b83cb5152081db22ab6bb1d01f394

  • SSDEEP

    49152:CNSA3ZZhlgQrb/T4vO90d7HjmAFd4A64nsfJ5yXh7yjAe5rx18h2vr0x42e9BPSy:GZxeYm9gKCkEjuRt6QNEA/dWke

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d99876b6dfbdc1f7ff30f3e59dad2e21eb9f47283ad66414a7da80a6ceeef981.exe
    "C:\Users\Admin\AppData\Local\Temp\d99876b6dfbdc1f7ff30f3e59dad2e21eb9f47283ad66414a7da80a6ceeef981.exe"
    1
    • Suspicious use of WriteProcessMemory
    PID:1504
    • C:\Windows\system32\cmd.exe
      cmd.exe /c "del C:\Users\Admin\AppData\Local\Temp\d99876b6dfbdc1f7ff30f3e59dad2e21eb9f47283ad66414a7da80a6ceeef981.exe"
      2
      • Deletes itself
      PID:1352

Network

MITRE ATT&CK Enterprise v6
