aba2743d1110f0548b81ec76b2df6f97fb711a554428cf411366fc92efe26a96

Analysis

max time kernel
143s
max time network
150s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 07:52

Target

aba2743d1110f0548b81ec76b2df6f97fb711a554428cf411366fc92efe26a96.exe
Size

630KB
MD5

318ec35363193c33ed17bd33e5db2e69
SHA1

0324135ee0c1f1ae30fe4a9b2ac75346d606c172
SHA256

aba2743d1110f0548b81ec76b2df6f97fb711a554428cf411366fc92efe26a96
SHA512

8e057cc1b29c28c84ff9e9c5e9ddfa1de2c9d077d990abf4d2d575363237a2ea0d8141ff48fbd6e6c96f87290f354d86e0f21f8c58d49a27e6d5cf66709b36ea
SSDEEP

12288:o6C0w9s0Dj3LF0JNjnmz0w8ajtzBwOhIzcJUE+Jpf+xzSX:ox0w9s0DTLF0PKz0ruBNGoJUJyzSX

Score

7^/10

spyware stealer

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1768	aba2743d1110f0548b81ec76b2df6f97fb711a554428cf411366fc92efe26a96.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1768	aba2743d1110f0548b81ec76b2df6f97fb711a554428cf411366fc92efe26a96.exe
1768	aba2743d1110f0548b81ec76b2df6f97fb711a554428cf411366fc92efe26a96.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/1768-54-0x0000000076961000-0x0000000076963000-memory.dmp

Filesize
8KB

Download