Analysis
-
max time kernel
91s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system -
submitted
23-11-2022 11:44
Static task
static1
Behavioral task
behavioral1
Sample
70a4695d6457629b02b7a5f886957042902709e5757dc338242f3293135d71ab.exe
Resource
win7-20220901-en
windows7-x64
3 signatures
150 seconds
General
-
Target
70a4695d6457629b02b7a5f886957042902709e5757dc338242f3293135d71ab.exe
-
Size
935KB
-
MD5
39389da4a4851a46278a27889999ad78
-
SHA1
ace5f1b4f881957054831e50667f1c624270322a
-
SHA256
70a4695d6457629b02b7a5f886957042902709e5757dc338242f3293135d71ab
-
SHA512
f29e02fbaaa37b56a9a7909831d0e392f7ade1df08c9bc64efacb1c9103dfd009de3e2136c2b4dd12d53bf749e575c90fcb0fc9554eee0904611a0f591f6e39f
-
SSDEEP
24576:9hKrgaIj+7bsYATkNU06QIFjzK5LJcpIF5ukriA0//cSrw:MoYATkXxIlzK5LJb5VrM/Y
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
70a4695d6457629b02b7a5f886957042902709e5757dc338242f3293135d71ab.exepid process 4996 70a4695d6457629b02b7a5f886957042902709e5757dc338242f3293135d71ab.exe 4996 70a4695d6457629b02b7a5f886957042902709e5757dc338242f3293135d71ab.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
Processes:
70a4695d6457629b02b7a5f886957042902709e5757dc338242f3293135d71ab.exepid process 4996 70a4695d6457629b02b7a5f886957042902709e5757dc338242f3293135d71ab.exe 4996 70a4695d6457629b02b7a5f886957042902709e5757dc338242f3293135d71ab.exe 4996 70a4695d6457629b02b7a5f886957042902709e5757dc338242f3293135d71ab.exe 4996 70a4695d6457629b02b7a5f886957042902709e5757dc338242f3293135d71ab.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\70a4695d6457629b02b7a5f886957042902709e5757dc338242f3293135d71ab.exe"C:\Users\Admin\AppData\Local\Temp\70a4695d6457629b02b7a5f886957042902709e5757dc338242f3293135d71ab.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx