c3271d55e0bab26b9e75c1773ea17863dc18957b689ec4d9372bc60098cb9a3b

Analysis

max time kernel
28s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 11:31

Target

c3271d55e0bab26b9e75c1773ea17863dc18957b689ec4d9372bc60098cb9a3b.exe
Size

937KB
MD5

d9ec7e4b4d54680a2335ebb09ef6cfbb
SHA1

b4523b4ddbbcb110aa0053c8c39d94f25733ce4e
SHA256

c3271d55e0bab26b9e75c1773ea17863dc18957b689ec4d9372bc60098cb9a3b
SHA512

81076b942cf5a28a2ee530ade40691c7d2e02a66e9d328f0b50239d8770bb8bdb33ce0e4483516746a3754464637177e7d663da3b16908999840f163d450c208
SSDEEP

24576:eLii0FS812mMs549d0ij+BgFoFoGQI9mWuYAHsbYcS9K:e30E812Dh9d0tBgFoFoI0Wesb

Score

7^/10

spyware stealer

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

c3271d55e0bab26b9e75c1773ea17863dc18957b689ec4d9372bc60098cb9a3b.exe

pid process

1516 c3271d55e0bab26b9e75c1773ea17863dc18957b689ec4d9372bc60098cb9a3b.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

c3271d55e0bab26b9e75c1773ea17863dc18957b689ec4d9372bc60098cb9a3b.exe

pid	process
1516	c3271d55e0bab26b9e75c1773ea17863dc18957b689ec4d9372bc60098cb9a3b.exe
1516	c3271d55e0bab26b9e75c1773ea17863dc18957b689ec4d9372bc60098cb9a3b.exe
1516	c3271d55e0bab26b9e75c1773ea17863dc18957b689ec4d9372bc60098cb9a3b.exe
1516	c3271d55e0bab26b9e75c1773ea17863dc18957b689ec4d9372bc60098cb9a3b.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/1516-54-0x0000000075F01000-0x0000000075F03000-memory.dmp

Filesize
8KB

Download