c8356c2359c3f754cf55c5cbf62e7983dab65091c1159f6734728d176f29bb12

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 15:56

Target

c8356c2359c3f754cf55c5cbf62e7983dab65091c1159f6734728d176f29bb12.exe
Size

1.3MB
MD5

70eec275539211218dfd35d394ca5841
SHA1

f4b31e1929212a18c4b100dbf1ebe17c4725c79c
SHA256

c8356c2359c3f754cf55c5cbf62e7983dab65091c1159f6734728d176f29bb12
SHA512

683167c3c015ee50f887974a23bf76ccf8dfe6357cbbae2999681c22b831e93cdd04f1ffc8114439f1490579e251aacc374626ec724cff5ec384f377d23c512f
SSDEEP

24576:nBT7a45fdhGL836ISF8zyi5lhZL6HbOOBB2U5gTpZSAaucSbAMb:VPOL83w8Oi5lhZL6iOH58ZCvM

Score

7^/10

spyware stealer

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

c8356c2359c3f754cf55c5cbf62e7983dab65091c1159f6734728d176f29bb12.exe

pid process

1800 c8356c2359c3f754cf55c5cbf62e7983dab65091c1159f6734728d176f29bb12.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

c8356c2359c3f754cf55c5cbf62e7983dab65091c1159f6734728d176f29bb12.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/1800-54-0x00000000758C1000-0x00000000758C3000-memory.dmp

Filesize
8KB

Download