Analysis
max time kernel: 286s
max time network: 314s
platform: windows10-2004_x64
resource: win10v2004-20221111-en
resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
submitted: 23-11-2022 11:45
Static task: static1
Behavioral task: behavioral1
  Sample: 22b82699d692e82dd1b20899f1a22bf7ee5c9a317a83dc5f01a3ba818f1d1ad1.exe
  Resource: win7-20221111-en (windows7-x64)
  3 signatures
  150 seconds
General
Target: 22b82699d692e82dd1b20899f1a22bf7ee5c9a317a83dc5f01a3ba818f1d1ad1.exe
Size: 935KB
MD5: a63e61d110d0c8548aa2159ce4dc90bb
SHA1: 6bcb26a972c81b1c53e2b8cd483d51be14842995
SHA256: 22b82699d692e82dd1b20899f1a22bf7ee5c9a317a83dc5f01a3ba818f1d1ad1
SHA512: 68682feeafbf29979cc768b83d66d2ea40998913202fca02ac7d4eb2ef4f265efeb4a613407fe477cc16baa54c8f6e3c6328dbfc0bd232d2a9df136ce29ee095
SSDEEP: 24576:9hKrgaIj+7bsYATkNU06QIFjzK5LJcpIF5ukriA0//cSmw:MoYATkXxIlzK5LJb5VrM/x
Malware Config
(none extracted)

Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials, etc.
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes:
    PID   Process
    4080  22b82699d692e82dd1b20899f1a22bf7ee5c9a317a83dc5f01a3ba818f1d1ad1.exe
    4080  22b82699d692e82dd1b20899f1a22bf7ee5c9a317a83dc5f01a3ba818f1d1ad1.exe
- Suspicious use of SetWindowsHookEx (4 IoCs)
  Processes:
    PID   Process
    4080  22b82699d692e82dd1b20899f1a22bf7ee5c9a317a83dc5f01a3ba818f1d1ad1.exe
    4080  22b82699d692e82dd1b20899f1a22bf7ee5c9a317a83dc5f01a3ba818f1d1ad1.exe
    4080  22b82699d692e82dd1b20899f1a22bf7ee5c9a317a83dc5f01a3ba818f1d1ad1.exe
    4080  22b82699d692e82dd1b20899f1a22bf7ee5c9a317a83dc5f01a3ba818f1d1ad1.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\22b82699d692e82dd1b20899f1a22bf7ee5c9a317a83dc5f01a3ba818f1d1ad1.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\22b82699d692e82dd1b20899f1a22bf7ee5c9a317a83dc5f01a3ba818f1d1ad1.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx