85348afac4df40f83b4f1c2e921698361929951ce4fc0aa157a9f7dcaa4e2d9a

Analysis

max time kernel
112s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2022 07:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85348afac4df40f83b4f1c2e921698361929951ce4fc0aa157a9f7dcaa4e2d9a.exe
Size

806KB
MD5

819c54bc2570d5d94c4f97d525bc9280
SHA1

80d19baf940dfeb3d146aa2e1c6ba0448d3f2b53
SHA256

85348afac4df40f83b4f1c2e921698361929951ce4fc0aa157a9f7dcaa4e2d9a
SHA512

feedf8dcf77642f325f666543f2c8181768508a9b017a14491df28eaaf003ad182d31d08722bd7986f49d5a17c807f74ca0f2156c3dd380f0fec9e299008b9c7
SSDEEP

24576:ATydRTIuvSaiZOLBfgeuuFq6qYX0wiWVjJF:AedRTZ6dGB14tEb

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 4360	4788	85348afac4df40f83b4f1c2e921698361929951ce4fc0aa157a9f7dcaa4e2d9a.exe	88
PID 4788 wrote to memory of 4360	4788	85348afac4df40f83b4f1c2e921698361929951ce4fc0aa157a9f7dcaa4e2d9a.exe	88
PID 4788 wrote to memory of 4360	4788	85348afac4df40f83b4f1c2e921698361929951ce4fc0aa157a9f7dcaa4e2d9a.exe	88

C:\Users\Admin\AppData\Local\Temp\85348afac4df40f83b4f1c2e921698361929951ce4fc0aa157a9f7dcaa4e2d9a.exe
"C:\Users\Admin\AppData\Local\Temp\85348afac4df40f83b4f1c2e921698361929951ce4fc0aa157a9f7dcaa4e2d9a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\593.bat
  2⤵
  PID:4360

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\593.bat

Filesize
175B

MD5
81f0f811f118605bb4aab7aac7d1673c

SHA1
b2965bc74eae07d6af87e3eaa87e0d7d16bcbc1b

SHA256
82d0a78dedaa58116298d66720960251db876f76fa5b715cb4875f8ba71713d0

SHA512
8f564e428152b27ca5eee769f06222afbf83828eec9a9fbd5d8410caccb158a283db08f4d08a18156f30b1c17d2d5cf5eb10e91e482ccfac3ee1b7bd2c960c2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\64197.exe

Filesize
806KB

MD5
819c54bc2570d5d94c4f97d525bc9280

SHA1
80d19baf940dfeb3d146aa2e1c6ba0448d3f2b53

SHA256
85348afac4df40f83b4f1c2e921698361929951ce4fc0aa157a9f7dcaa4e2d9a

SHA512
feedf8dcf77642f325f666543f2c8181768508a9b017a14491df28eaaf003ad182d31d08722bd7986f49d5a17c807f74ca0f2156c3dd380f0fec9e299008b9c7

Download Submit
memory/4360-136-0x0000000000000000-mapping.dmp

Download
memory/4788-132-0x0000000004960000-0x0000000004AA5000-memory.dmp

Filesize
1.3MB

Download