Analysis
max time kernel: 17s
max time network: 50s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 20-10-2022 04:24
Static task: static1
Behavioral task: behavioral1
Sample: 2fb5625fb2efd53b54c42937b63e856a77493b1afa839ee6ffa9d678b8db9e6f.exe
Resource: win7-20220812-en (windows7-x64)
3 signatures
150 seconds
General
Target: 2fb5625fb2efd53b54c42937b63e856a77493b1afa839ee6ffa9d678b8db9e6f.exe
Size: 906KB
MD5: 809e0c89738652d117e6619761b11030
SHA1: ffb45b38ec3a6b73c1169d4fb668f226daa62610
SHA256: 2fb5625fb2efd53b54c42937b63e856a77493b1afa839ee6ffa9d678b8db9e6f
SHA512: e83d3e1e716d8df02cddf1286a604f4934b9ea27db384b7713944e5f10bf7f926217a5bca6fe0b024a81e9ceb715eaab8676a78f60ffc6a78f380d9579d9eeb4
SSDEEP: 24576:fDRxT9mRdj/bpSjenPDz0unDbDV9nEUF/cS8XHv:foQjenPDz0u3D8UFsHv
Malware Config
Signatures
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials, etc.
Suspicious behavior: EnumeratesProcesses (1 IoC)
pid 912, Process 2fb5625fb2efd53b54c42937b63e856a77493b1afa839ee6ffa9d678b8db9e6f.exe
Suspicious use of SetWindowsHookEx (4 IoCs)
pid 912, Process 2fb5625fb2efd53b54c42937b63e856a77493b1afa839ee6ffa9d678b8db9e6f.exe (4 occurrences)
Processes
Network
DNS: imp.premiuminstaller.com, Remote address: 8.8.8.8:53, Request: imp.premiuminstaller.com IN A, Response: (none)
DNS: config.premiuminstaller.com, Process: 2fb5625fb2efd53b54c42937b63e856a77493b1afa839ee6ffa9d678b8db9e6f.exe, Remote address: 8.8.8.8:53, Request: config.premiuminstaller.com IN A, Response: (none)
No results found
8.8.8.8:53 | imp.premiuminstaller.com | dns | 2fb5625fb2efd53b54c42937b63e856a77493b1afa839ee6ffa9d678b8db9e6f.exe | 70 B sent | 137 B received | 1 | 1
DNS Request: imp.premiuminstaller.com
8.8.8.8:53 | config.premiuminstaller.com | dns | 2fb5625fb2efd53b54c42937b63e856a77493b1afa839ee6ffa9d678b8db9e6f.exe | 73 B sent | 140 B received | 1 | 1
DNS Request: config.premiuminstaller.com