Analysis
max time kernel: 41s
max time network: 46s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 23-11-2022 17:10
Static task
static1
Behavioral task
behavioral1
Sample
559d4f36e5bab87eb09668d4d4ad9de9ecbb07f7e2c96e665edb5b6a0f568e43.exe
Resource
win7-20220812-en
windows7-x64
3 signatures
150 seconds
General
Target: 559d4f36e5bab87eb09668d4d4ad9de9ecbb07f7e2c96e665edb5b6a0f568e43.exe
Size: 1.3MB
MD5: 3fbc3235c7d976c4006b2b74ace9a82e
SHA1: e40df8dda94bc4b425b2079a549469085830b7d1
SHA256: 559d4f36e5bab87eb09668d4d4ad9de9ecbb07f7e2c96e665edb5b6a0f568e43
SHA512: 9fafc0b38de24733e710a0dda41b8730f884a39659fd84fe81b720edb78a927d15aa36dbb568502213d6122798109850e80caeafa9a92f54c4f4d0585e918c91
SSDEEP: 24576:THnqahpOsoCmbbb1w+fuCljtG/uzkye+ZKASlcSI:uahpRmbbb1w+zspEZC
Malware Config
Signatures
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.
Suspicious behavior: EnumeratesProcesses (1 IoCs)
Processes: 559d4f36e5bab87eb09668d4d4ad9de9ecbb07f7e2c96e665edb5b6a0f568e43.exe
pid process
1660 559d4f36e5bab87eb09668d4d4ad9de9ecbb07f7e2c96e665edb5b6a0f568e43.exe
Suspicious use of SetWindowsHookEx (4 IoCs)
Processes: 559d4f36e5bab87eb09668d4d4ad9de9ecbb07f7e2c96e665edb5b6a0f568e43.exe
pid process
1660 559d4f36e5bab87eb09668d4d4ad9de9ecbb07f7e2c96e665edb5b6a0f568e43.exe
1660 559d4f36e5bab87eb09668d4d4ad9de9ecbb07f7e2c96e665edb5b6a0f568e43.exe
1660 559d4f36e5bab87eb09668d4d4ad9de9ecbb07f7e2c96e665edb5b6a0f568e43.exe
1660 559d4f36e5bab87eb09668d4d4ad9de9ecbb07f7e2c96e665edb5b6a0f568e43.exe
Processes
C:\Users\Admin\AppData\Local\Temp\559d4f36e5bab87eb09668d4d4ad9de9ecbb07f7e2c96e665edb5b6a0f568e43.exe
"C:\Users\Admin\AppData\Local\Temp\559d4f36e5bab87eb09668d4d4ad9de9ecbb07f7e2c96e665edb5b6a0f568e43.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
memory/1660-54-0x0000000075F51000-0x0000000075F53000-memory.dmp
Filesize: 8KB