Analysis
-
max time kernel
93s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
07-11-2022 02:23
General
-
Target
file.exe
-
Size
429KB
-
MD5
ad8cd8bd5cef0665fa3653e0f7d58d3f
-
SHA1
20f5598a6667869c9c3b7c858b19c8d8b717a5b4
-
SHA256
64a1c94fcab87b145fb8c3bc12811a247b0efd376d38ad1a19328c00ffa3b963
-
SHA512
b19e007910cba952fc1d5dcb093adabe51ca46023a48be936f2702616cad993a8dd70b507098a4a3f8fa9d1faa8acedcc2d6fb46b9b8a76c7c623cf7f6c465c3
-
SSDEEP
6144:o8dnyH0AckyCJM53R/ImK2muCIh7EUhzV8cnlgqjk/s7sl35e:1nyHXZGUm1lCIhbCcnlgqjk/Ve
Score
7/10
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\file.exe"C:\Users\Admin\AppData\Local\Temp\file.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
204KB
-
Filesize
440KB
-
Filesize
4.4MB
-
Filesize
5.6MB
-
Filesize
6.1MB
-
Filesize
72KB
-
Filesize
1.0MB
-
Filesize
240KB
-
Filesize
408KB
-
Filesize
584KB
-
Filesize
472KB
-
Filesize
120KB
-
Filesize
1.8MB
-
Filesize
5.2MB
-
Filesize
204KB
-
Filesize
440KB
-
Filesize
204KB
-
Filesize
4.4MB