cb9991d983a1522273831c817c95bf503705987d181a2990b0d496ef9c07e4b8

Analysis

max time kernel
30s
max time network
75s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 15:54

Target

cb9991d983a1522273831c817c95bf503705987d181a2990b0d496ef9c07e4b8.exe
Size

1.3MB
MD5

b6434e775340be4a11369269b59ffb3d
SHA1

684308d2b46b98b476fa2b016ee08342a6818c47
SHA256

cb9991d983a1522273831c817c95bf503705987d181a2990b0d496ef9c07e4b8
SHA512

a646dfa5976267a26c5d509ca53af6c6840596fe03c81164e496d4ec72ee1d85ec6a3651ef5f406c36ef81cf6f3617c67a684c023005de0106aa0996b3e20156
SSDEEP

24576:THnqahpOsoCmbbb1w+fuCljtG/uzkye+ZKASlcSJ:uahpRmbbb1w+zspEZC

Score

7^/10

spyware stealer

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

cb9991d983a1522273831c817c95bf503705987d181a2990b0d496ef9c07e4b8.exe

pid process

1368 cb9991d983a1522273831c817c95bf503705987d181a2990b0d496ef9c07e4b8.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

cb9991d983a1522273831c817c95bf503705987d181a2990b0d496ef9c07e4b8.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/1368-54-0x0000000076301000-0x0000000076303000-memory.dmp

Filesize
8KB

Download