Analysis
max time kernel: 153s
max time network: 162s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30-10-2022 15:39
Behavioral task: behavioral1
Sample: 8a2b81c40804d817bed394f3d58f17933b79f8d7d8726e7fdca1a9e69a7aac9c.exe
Resource: win7-20220812-en
General
Target: 8a2b81c40804d817bed394f3d58f17933b79f8d7d8726e7fdca1a9e69a7aac9c.exe
Size: 68KB
MD5: 81d396f1cf696b2a0c76c6e2391178ef
SHA1: 01e346045c3e2cdafd1253588b7187b78e380783
SHA256: 8a2b81c40804d817bed394f3d58f17933b79f8d7d8726e7fdca1a9e69a7aac9c
SHA512: aed588a1fc1ed337e097508d9032517b7dbd00f2f3d13e4d5fe7ed02686f8b478276a792d13a1c21bbfb04f2c23a9a1a38da68270fb2a0ea3cad81f2c5f9d9e7
SSDEEP: 1536:QskVrzq2umeWO2+FPx/JU0vsofRiqMmM:xciU0vrRieM
Malware Config
Signatures
Reads data files stored by FTP clients (2 TTPs)
Tries to access configuration files associated with programs like FileZilla.
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious use of SetWindowsHookEx (1 IoCs)
pid: 4824  Process: 8a2b81c40804d817bed394f3d58f17933b79f8d7d8726e7fdca1a9e69a7aac9c.exe