Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    74s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-10-2022 11:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    358KB

  • MD5

    381e4c7a1710e50685d70d5c8f64bf0f

  • SHA1

    3238069f1f6784fc4a2bab012639e2a8f137b2a6

  • SHA256

    407312c530750f0320b643a45763bba006d313cefa8df72f463ec836d3f9de08

  • SHA512

    2f9ff2926deaadde24c4fdcd2e0372df3d4769010c4f9b41ed584a5ffda73dc748873fb54fdcaa719037426c52dff4d4355f7b7389937db134ade90d27f20a44

  • SSDEEP

    6144:Av6/B0LPN7gIFcZucmc9irChTWRNk5VP1ySqYXlnpTIU:Av6/mxMIFc/mc9icqRq9ySDXln

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4584
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 1256
      2⤵
      • Program crash
      PID:4704
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4584 -ip 4584
    1⤵
      PID:3364

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4584-132-0x0000000004CA0000-0x0000000005244000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/4584-133-0x00000000007E3000-0x0000000000814000-memory.dmp

      Filesize

      196KB

      Download

    • memory/4584-135-0x0000000000400000-0x00000000005B7000-memory.dmp

      Filesize

      1.7MB

      Download

    • memory/4584-134-0x0000000000750000-0x000000000078E000-memory.dmp

      Filesize

      248KB

      Download

    • memory/4584-136-0x00000000052D0000-0x0000000005362000-memory.dmp

      Filesize

      584KB

      Download

    • memory/4584-137-0x0000000005600000-0x0000000005C18000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/4584-138-0x0000000005420000-0x000000000552A000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4584-139-0x0000000005550000-0x0000000005562000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4584-140-0x0000000005570000-0x00000000055AC000-memory.dmp

      Filesize

      240KB

      Download

    • memory/4584-141-0x0000000005E90000-0x0000000005EF6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4584-142-0x0000000006590000-0x0000000006752000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/4584-143-0x0000000006760000-0x0000000006C8C000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/4584-144-0x00000000007E3000-0x0000000000814000-memory.dmp

      Filesize

      196KB

      Download

    • memory/4584-145-0x0000000007010000-0x0000000007086000-memory.dmp

      Filesize

      472KB

      Download

    • memory/4584-146-0x0000000007090000-0x00000000070E0000-memory.dmp

      Filesize

      320KB

      Download

    • memory/4584-147-0x00000000007E3000-0x0000000000814000-memory.dmp

      Filesize

      196KB

      Download

    • memory/4584-148-0x0000000000400000-0x00000000005B7000-memory.dmp

      Filesize

      1.7MB

      Download