c3271d55e0bab26b9e75c1773ea17863dc18957b689ec4d9372bc60098cb9a3b

Analysis

max time kernel
264s
max time network
336s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 11:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c3271d55e0bab26b9e75c1773ea17863dc18957b689ec4d9372bc60098cb9a3b.exe
Size

937KB
MD5

d9ec7e4b4d54680a2335ebb09ef6cfbb
SHA1

b4523b4ddbbcb110aa0053c8c39d94f25733ce4e
SHA256

c3271d55e0bab26b9e75c1773ea17863dc18957b689ec4d9372bc60098cb9a3b
SHA512

81076b942cf5a28a2ee530ade40691c7d2e02a66e9d328f0b50239d8770bb8bdb33ce0e4483516746a3754464637177e7d663da3b16908999840f163d450c208
SSDEEP

24576:eLii0FS812mMs549d0ij+BgFoFoGQI9mWuYAHsbYcS9K:e30E812Dh9d0tBgFoFoI0Wesb

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

c3271d55e0bab26b9e75c1773ea17863dc18957b689ec4d9372bc60098cb9a3b.exe

pid	process
2764	c3271d55e0bab26b9e75c1773ea17863dc18957b689ec4d9372bc60098cb9a3b.exe
2764	c3271d55e0bab26b9e75c1773ea17863dc18957b689ec4d9372bc60098cb9a3b.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

c3271d55e0bab26b9e75c1773ea17863dc18957b689ec4d9372bc60098cb9a3b.exe

pid	process
2764	c3271d55e0bab26b9e75c1773ea17863dc18957b689ec4d9372bc60098cb9a3b.exe
2764	c3271d55e0bab26b9e75c1773ea17863dc18957b689ec4d9372bc60098cb9a3b.exe
2764	c3271d55e0bab26b9e75c1773ea17863dc18957b689ec4d9372bc60098cb9a3b.exe
2764	c3271d55e0bab26b9e75c1773ea17863dc18957b689ec4d9372bc60098cb9a3b.exe

C:\Users\Admin\AppData\Local\Temp\c3271d55e0bab26b9e75c1773ea17863dc18957b689ec4d9372bc60098cb9a3b.exe
"C:\Users\Admin\AppData\Local\Temp\c3271d55e0bab26b9e75c1773ea17863dc18957b689ec4d9372bc60098cb9a3b.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2764

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads