Analysis

  • max time kernel
    44s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-11-2022 17:22

General

  • Target

    4437c6446fc8441204fcc5c3692b5c45499a6ff6558ef38b195c07044cdfb9a4.exe

  • Size

    2.9MB

  • MD5

    117ba2f469f0c4feab67d8b2886323bb

  • SHA1

    bad70a8154341282155b1aecdb3d104bcae0d32c

  • SHA256

    4437c6446fc8441204fcc5c3692b5c45499a6ff6558ef38b195c07044cdfb9a4

  • SHA512

    6df3f1560505cd1251db8a95a0e274e5727eb41957bd7fa3ff4d3257e9fd17e2afadc5e93f39f61b73d7e25861fb72a4a1976acd101ffed72ab981a4a7e05e37

  • SSDEEP

    49152:IftpvLKKYt6Vdiipi6+P0bZuKHkL552ypX+rrWuxopkcoCEvf:ALLDxiZP0bkuKGypX+rrP

Malware Config

Signatures

  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials, etc.

  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops Chrome extension (3 IoCs)
  • Drops file in System32 directory (4 IoCs)
  • Suspicious behavior: EnumeratesProcesses (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\4437c6446fc8441204fcc5c3692b5c45499a6ff6558ef38b195c07044cdfb9a4.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\4437c6446fc8441204fcc5c3692b5c45499a6ff6558ef38b195c07044cdfb9a4.exe"
    • Drops Chrome extension
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    PID: 1048

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1048-54-0x00000000759F1000-0x00000000759F3000-memory.dmp
    Filesize: 8KB

  • memory/1048-55-0x00000000006F0000-0x0000000000796000-memory.dmp
    Filesize: 664KB