Analysis

  • max time kernel
    17s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-10-2022 04:24

General

  • Target

    2fb5625fb2efd53b54c42937b63e856a77493b1afa839ee6ffa9d678b8db9e6f.exe

  • Size

    906KB

  • MD5

    809e0c89738652d117e6619761b11030

  • SHA1

    ffb45b38ec3a6b73c1169d4fb668f226daa62610

  • SHA256

    2fb5625fb2efd53b54c42937b63e856a77493b1afa839ee6ffa9d678b8db9e6f

  • SHA512

    e83d3e1e716d8df02cddf1286a604f4934b9ea27db384b7713944e5f10bf7f926217a5bca6fe0b024a81e9ceb715eaab8676a78f60ffc6a78f380d9579d9eeb4

  • SSDEEP

    24576:fDRxT9mRdj/bpSjenPDz0unDbDV9nEUF/cS8XHv:foQjenPDz0u3D8UFsHv

Score
7/10

Malware Config

Signatures

  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Suspicious behavior: EnumeratesProcesses (1 IoC)
  • Suspicious use of SetWindowsHookEx (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2fb5625fb2efd53b54c42937b63e856a77493b1afa839ee6ffa9d678b8db9e6f.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\2fb5625fb2efd53b54c42937b63e856a77493b1afa839ee6ffa9d678b8db9e6f.exe"
    PID: 912
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx

Network

  • DNS (country: US)
    Domain: imp.premiuminstaller.com
    Process: 2fb5625fb2efd53b54c42937b63e856a77493b1afa839ee6ffa9d678b8db9e6f.exe
    Remote address: 8.8.8.8:53
    Request: imp.premiuminstaller.com IN A
    Response:
  • DNS (country: US)
    Domain: config.premiuminstaller.com
    Process: 2fb5625fb2efd53b54c42937b63e856a77493b1afa839ee6ffa9d678b8db9e6f.exe
    Remote address: 8.8.8.8:53
    Request: config.premiuminstaller.com IN A
    Response:
No results found
  • 8.8.8.8:53 (dns)
    Domain: imp.premiuminstaller.com
    Process: 2fb5625fb2efd53b54c42937b63e856a77493b1afa839ee6ffa9d678b8db9e6f.exe
    70 B / 137 B, 1 / 1
    DNS Request: imp.premiuminstaller.com
  • 8.8.8.8:53 (dns)
    Domain: config.premiuminstaller.com
    Process: 2fb5625fb2efd53b54c42937b63e856a77493b1afa839ee6ffa9d678b8db9e6f.exe
    73 B / 140 B, 1 / 1
    DNS Request: config.premiuminstaller.com

MITRE ATT&CK Enterprise v6

Downloads

  • memory/912-54-0x00000000751A1000-0x00000000751A3000-memory.dmp
    Filesize: 8KB
