66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8

General

Target

66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
Size

539KB
MD5

7a2d9c647857f0e7eeeba4c326ad8d19
SHA1

b025fdb76c3f065c99003899891d1260e6710aa5
SHA256

66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8
SHA512

91fc6848ea4b7a1a6e9c795065f414d48454a113c08d9b60be1dc8ffaaad66009883727fdb7bbd341de4acd38ce79b46fb9b8f4100991b878a392936cd63f76a
SSDEEP

768:riQ5zzoZg9u9A9ddJ0LI6VuggDuoGUtNN6IxtJcTcachc5hYuAznQRki:rissgYq7dJ0LI6VuggD3GUN6I70hY8k

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Drops file in Program Files directory 64 IoCs

Processes:

66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe

description	ioc	process
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\vi.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\chrome.dll	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\fil.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\lt.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\fi.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\sk.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\cs.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\es.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\resources.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\es-419.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\ta.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\id.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\ro.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\zh-TW.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\d3dcompiler_43.dll	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\libegl.dll	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\tr.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\en-US.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\hu.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\36.0.1985.143.manifest	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\icudtl.dat	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\bg.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\fr.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\gu.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\hi.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\nl.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\uk.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\ar.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\ca.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\hr.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\ms.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\ru.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\ffmpegsumo.dll	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\nacl_irt_x86_32.nexe	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\ppgooglenaclpluginchrome.dll	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\en-GB.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\fa.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\el.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\chrome.exe	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\da.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\chrome_child.dll	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\delegate_execute.exe	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\nacl_irt_x86_64.nexe	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\ko.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\pt-BR.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\it.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\ja.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\kn.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\nb.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\libexif.dll	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\mksnapshot.ia32.exe.assert.manifest	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\PepperFlash\manifest.json	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\he.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\metro_driver.dll	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\nacl64.exe	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\xinput1_3.dll	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\sv.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\chrome_200_percent.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\pt-PT.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\sl.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\d3dcompiler_46.dll	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\widevinecdmadapter.dll	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Update\GoogleUpdate.exe	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
File created	C:\Program Files (x86)\Googles\Chrome\Application\36.0.1985.143\Locales\mr.pak	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 9 IoCs

Processes:

66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe

pid	process
1340	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
1340	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
1340	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
1340	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
1340	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
1340	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
1340	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
1340	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
1340	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe

description pid process

Token: SeDebugPrivilege 1340 66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe

description	pid	process
Token: SeDebugPrivilege	1340	66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe

C:\Users\Admin\AppData\Local\Temp\66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe
"C:\Users\Admin\AppData\Local\Temp\66a94f34f212fa06fd7b1768ceba430a4f194112ace7eec18ea285c9eb9556e8.exe"
1⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1340

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1340-54-0x00000000758B1000-0x00000000758B3000-memory.dmp

Filesize
8KB

Download
memory/1340-55-0x0000000074530000-0x0000000074ADB000-memory.dmp

Filesize
5.7MB

Download
memory/1340-56-0x0000000074530000-0x0000000074ADB000-memory.dmp

Filesize
5.7MB

Download
memory/1340-57-0x0000000074530000-0x0000000074ADB000-memory.dmp

Filesize
5.7MB

Download

Analysis

Sharing