22fa6df334cc468b6b4ac41d311fefe041328c2326cb720619a547e464576e76

Analysis

max time kernel
68s
max time network
158s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 11:40

Target

22fa6df334cc468b6b4ac41d311fefe041328c2326cb720619a547e464576e76.exe
Size

937KB
MD5

01d6e467368ad1f57b96d06ffbf60e99
SHA1

0b848f7b71025a527bc3b9e0e2eb7f1583497ebd
SHA256

22fa6df334cc468b6b4ac41d311fefe041328c2326cb720619a547e464576e76
SHA512

f68cf8133314256a5575ad9777d0dc7c54a5d406d549e220e72a703f036bbdd5b235ec08f4ab59bba7a944a35a37aca9c5c83005c0c4302410aaec0a076e6e5f
SSDEEP

24576:eLii0FS812mMs549d0ij+BgFoFoGQI9mWuYAHsbYcSmK:e30E812Dh9d0tBgFoFoI0Wesb

Score

7^/10

spyware stealer

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

22fa6df334cc468b6b4ac41d311fefe041328c2326cb720619a547e464576e76.exe

pid process

2028 22fa6df334cc468b6b4ac41d311fefe041328c2326cb720619a547e464576e76.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

22fa6df334cc468b6b4ac41d311fefe041328c2326cb720619a547e464576e76.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/2028-54-0x0000000076391000-0x0000000076393000-memory.dmp

Filesize
8KB

Download