601243aef0e2f9e945dc5ae5324517d31726f452acd54543cc106d691687710e

Analysis

max time kernel
163s
max time network
175s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 03:01

Target

downloaded.exe
Size

87KB
MD5

f512ab1d4a38bdfe39451bf678f6bbae
SHA1

f4d0be2ed6febb20b16e3cd0807a58c5efed7ea1
SHA256

601243aef0e2f9e945dc5ae5324517d31726f452acd54543cc106d691687710e
SHA512

d9c84b35f9b3504ca2214113e1325b44f13fd9b5171f8475789b935241316f335c14c9c80ef20aabc7236a21cb17e11ad5ebccff4f08d56f6c75f4c8e19c7bad
SSDEEP

1536:OAGCTGyPsL+l5teICPJNR1xWoE9MZiwUt6Cxwe1L71hpctusinVKka:OAGCTfEqln1eR1xMWZiwUxVc4siV/

Score

7^/10

spyware stealer

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2028	downloaded.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 1708	2028	downloaded.exe	29
PID 2028 wrote to memory of 1708	2028	downloaded.exe	29
PID 2028 wrote to memory of 1708	2028	downloaded.exe	29
PID 2028 wrote to memory of 1708	2028	downloaded.exe	29
PID 1708 wrote to memory of 1880	1708	cmd.exe	30
PID 1708 wrote to memory of 1880	1708	cmd.exe	30
PID 1708 wrote to memory of 1880	1708	cmd.exe	30
PID 1708 wrote to memory of 1880	1708	cmd.exe	30

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Roaming\Microsoft\Tsk.xml

Filesize
1KB

MD5
ca0019d4880dab6b175c72ecf563299d

SHA1
49cbbeb5b5cf18505e0f18676f135a956168e744

SHA256
90363fb9dd640ed04b00fa0007fbc942e3179acb5b1282de842e67b6a815a7d2

SHA512
b273245e41304e997c9ec1bb68cea8b486e359d9b520650901aac1c5e7c06afc6bd71e519027c90a821eda1121399ba6de465a034d8d545f4ab83458ab3f8372

Download Submit