Analysis
max time kernel: 19s
max time network: 47s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
submitted: 21-10-2022 04:28
Static task: static1
Behavioral task: behavioral1
Sample: 56450f9bc403ba6c35bc59bb9009e010115fec62cc4dec2f0e731b7b3099c8dd.exe
Resource: win7-20220812-en
General
Target: 56450f9bc403ba6c35bc59bb9009e010115fec62cc4dec2f0e731b7b3099c8dd.exe
Size: 344KB
MD5: 765b0536202b40d23c76bcd1c4b71a28
SHA1: 43b249119dcdf155acdc1ea367364a49d879851f
SHA256: 56450f9bc403ba6c35bc59bb9009e010115fec62cc4dec2f0e731b7b3099c8dd
SHA512: eaf85e39b2fa0d7c6e7cf7b04ed63377e74b3f1a03e989d05d8d0d4d7e8e233408dcc98afe899ab7676c4f257142acac61ca6f85bdf0fa56f83bdc3bca19caa8
SSDEEP: 6144:A/T3zd9AVAixibDqwbKhqjX9kjeKHYFqoECLrLnZF7tGUP+BgkTbXD/3/:A/XM4DShe9EcHPLrLZ5AICgkTP3/
Malware Config
Signatures

Deletes itself (1 IoCs)
  pid   Process
  836   cmd.exe

Reads data files stored by FTP clients (2 TTPs)
  Tries to access configuration files associated with programs like FileZilla.

Reads local data of messenger clients (2 TTPs)
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.

Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Delays execution with timeout.exe (1 IoCs)
  pid    Process
  1408   timeout.exe

Suspicious use of WriteProcessMemory (8 IoCs)
  description                        pid    Process                                                                   procid_target
  PID 1996 wrote to memory of 836    1996   56450f9bc403ba6c35bc59bb9009e010115fec62cc4dec2f0e731b7b3099c8dd.exe     28
  PID 1996 wrote to memory of 836    1996   56450f9bc403ba6c35bc59bb9009e010115fec62cc4dec2f0e731b7b3099c8dd.exe     28
  PID 1996 wrote to memory of 836    1996   56450f9bc403ba6c35bc59bb9009e010115fec62cc4dec2f0e731b7b3099c8dd.exe     28
  PID 1996 wrote to memory of 836    1996   56450f9bc403ba6c35bc59bb9009e010115fec62cc4dec2f0e731b7b3099c8dd.exe     28
  PID 836 wrote to memory of 1408    836    cmd.exe                                                                   30
  PID 836 wrote to memory of 1408    836    cmd.exe                                                                   30
  PID 836 wrote to memory of 1408    836    cmd.exe                                                                   30
  PID 836 wrote to memory of 1408    836    cmd.exe                                                                   30
Processes

C:\Users\Admin\AppData\Local\Temp\56450f9bc403ba6c35bc59bb9009e010115fec62cc4dec2f0e731b7b3099c8dd.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\56450f9bc403ba6c35bc59bb9009e010115fec62cc4dec2f0e731b7b3099c8dd.exe"
  - Suspicious use of WriteProcessMemory
  PID:1996

  C:\Windows\SysWOW64\cmd.exe
    Command line: "C:\Windows\System32\cmd.exe" /c timeout 5 && del C:\Users\Admin\AppData\Local\Temp\56450F~1.EXE
    - Deletes itself
    - Suspicious use of WriteProcessMemory
    PID:836

    C:\Windows\SysWOW64\timeout.exe
      Command line: timeout 5
      - Delays execution with timeout.exe
      PID:1408