233cb5a60a574fe2eeebf55e5497a1f908e25a13955425702c5113ecb5aa0e4c

Analysis

max time kernel
99s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30-10-2022 23:32

Target

233cb5a60a574fe2eeebf55e5497a1f908e25a13955425702c5113ecb5aa0e4c.exe
Size

20KB
MD5

a2088391382e5467d60a125446696cf0
SHA1

dd4e8f1981d3138e9a3c60b82e012683de52eef4
SHA256

233cb5a60a574fe2eeebf55e5497a1f908e25a13955425702c5113ecb5aa0e4c
SHA512

851918cc25953d9c729e176257afdd670b2768a474f771e8c9a6f8ecfcaa115360d9a536dbf0753a36ce7db58a79448e32e3f57a0ef5a9724361fc832c74abee
SSDEEP

192:pOZ6NGeb878vUrnnnnnnnnnnnnnVOGfDpx2+j8eYfqLnMpH3O1Wm46dXQhZGWv0J:pQ6rb8Av3MDpg+sS6H+1U+XMZxVoERXA

Score

7^/10

spyware stealer

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2128	3456	WerFault.exe	79

C:\Users\Admin\AppData\Local\Temp\233cb5a60a574fe2eeebf55e5497a1f908e25a13955425702c5113ecb5aa0e4c.exe
"C:\Users\Admin\AppData\Local\Temp\233cb5a60a574fe2eeebf55e5497a1f908e25a13955425702c5113ecb5aa0e4c.exe"
1⤵
PID:3456
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 320
  2⤵
  - Program crash
  PID:2128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3456 -ip 3456
1⤵
PID:2580

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact