74ab786eb3393fca32d0cd1672073f239fe5438b8b257351e379df6559394a96

Analysis

max time kernel
40s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-11-2022 11:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

74ab786eb3393fca32d0cd1672073f239fe5438b8b257351e379df6559394a96.exe
Size

100KB
MD5

045f4a7c0cd783f39383ee8cf7b388b4
SHA1

3e4d9774dafa78010c302f94b7d485581fa6b5e7
SHA256

74ab786eb3393fca32d0cd1672073f239fe5438b8b257351e379df6559394a96
SHA512

d15bbcd14a9123ac39d4a85b350f39922de17a29fa5f3342d0961bfcda3d5b118379b8fb22a5c186e57d97c2395a58187702c015b2c5c8da296fc552d15e2cfc
SSDEEP

1536:EL0iO60zY0y5NTm6/E9eWO2+FPv/D6bibT2uRQEYEqM:UHFl5m60cT2uRQEYBM

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
956	74ab786eb3393fca32d0cd1672073f239fe5438b8b257351e379df6559394a96.exe

C:\Users\Admin\AppData\Local\Temp\74ab786eb3393fca32d0cd1672073f239fe5438b8b257351e379df6559394a96.exe
"C:\Users\Admin\AppData\Local\Temp\74ab786eb3393fca32d0cd1672073f239fe5438b8b257351e379df6559394a96.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:956

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/956-56-0x0000000075E11000-0x0000000075E13000-memory.dmp

Filesize
8KB

Download