7d2a274fa81cf0ffe0f231f6a5e6e8e8806463a17762b8290842ce2ec0cc2b9c

Analysis

max time kernel
185s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 16:45

Target

7d2a274fa81cf0ffe0f231f6a5e6e8e8806463a17762b8290842ce2ec0cc2b9c.exe
Size

2.3MB
MD5

5658bfc415c6c6fd7edadeb14cfba0e6
SHA1

b2e620068dc04c00271edc68a9fddd7872b66306
SHA256

7d2a274fa81cf0ffe0f231f6a5e6e8e8806463a17762b8290842ce2ec0cc2b9c
SHA512

4a8f0fe805d2e8ce1f1aa3255242de301a9dcf66ca0c156faad8064c503d0ca522182a93e6308c77bb3399dd9587e6f36653c97153d84da15304439b9ba81c17
SSDEEP

49152:eLjThu7R9ExgSCrpn6sdGUUWDEbYrQ2CaT5zixe8cWACmJW3kYEAjC:eLfk7R9EqSCrpn6Z8DsYrIaT5za4WAHW

Score

7^/10

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 5 IoCs

Processes:

7d2a274fa81cf0ffe0f231f6a5e6e8e8806463a17762b8290842ce2ec0cc2b9c.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iclekbbjgpehabpidkpgnnjmohldmedi\208\manifest.json	7d2a274fa81cf0ffe0f231f6a5e6e8e8806463a17762b8290842ce2ec0cc2b9c.exe
File created	C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iclekbbjgpehabpidkpgnnjmohldmedi\208\manifest.json	7d2a274fa81cf0ffe0f231f6a5e6e8e8806463a17762b8290842ce2ec0cc2b9c.exe
File created	C:\Users\DefaultAccount\AppData\Local\Google\Chrome\User Data\Default\Extensions\iclekbbjgpehabpidkpgnnjmohldmedi\208\manifest.json	7d2a274fa81cf0ffe0f231f6a5e6e8e8806463a17762b8290842ce2ec0cc2b9c.exe
File created	C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\iclekbbjgpehabpidkpgnnjmohldmedi\208\manifest.json	7d2a274fa81cf0ffe0f231f6a5e6e8e8806463a17762b8290842ce2ec0cc2b9c.exe
File created	C:\Users\WDAGUtilityAccount\AppData\Local\Google\Chrome\User Data\Default\Extensions\iclekbbjgpehabpidkpgnnjmohldmedi\208\manifest.json	7d2a274fa81cf0ffe0f231f6a5e6e8e8806463a17762b8290842ce2ec0cc2b9c.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

7d2a274fa81cf0ffe0f231f6a5e6e8e8806463a17762b8290842ce2ec0cc2b9c.exe

pid	process
2928	7d2a274fa81cf0ffe0f231f6a5e6e8e8806463a17762b8290842ce2ec0cc2b9c.exe
2928	7d2a274fa81cf0ffe0f231f6a5e6e8e8806463a17762b8290842ce2ec0cc2b9c.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/2928-132-0x0000000000C00000-0x0000000000CA4000-memory.dmp

Filesize
656KB

Download