5c8c28d76762cfbd8a3ef4c578424a0538e10371d6d6c3226a447e70c7ca937e

Analysis

max time kernel
153s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 07:08

Target

5c8c28d76762cfbd8a3ef4c578424a0538e10371d6d6c3226a447e70c7ca937e.exe
Size

937KB
MD5

2551d8d6119a1fcd0a2b9a1ead505587
SHA1

8ee6cf0d048a5a29fc1c5b659c399f817b13428d
SHA256

5c8c28d76762cfbd8a3ef4c578424a0538e10371d6d6c3226a447e70c7ca937e
SHA512

59f9c270a4b318a6b16d615c3a836ad8940ea17d11fbd26a3fb65916d37aab542910bbed9bce573636d4c9c83899c7d93d614ac4ea8a1dd325f084198de83432
SSDEEP

24576:S/6NgZyGGZAim8giQ3UA/0TIRKb0gJAvaAtmSJcSBJEh:ybZfGZARViQkA/0TIR3gGvtxSh

Score

7^/10

spyware stealer

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4260	5c8c28d76762cfbd8a3ef4c578424a0538e10371d6d6c3226a447e70c7ca937e.exe
4260	5c8c28d76762cfbd8a3ef4c578424a0538e10371d6d6c3226a447e70c7ca937e.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4260	5c8c28d76762cfbd8a3ef4c578424a0538e10371d6d6c3226a447e70c7ca937e.exe
4260	5c8c28d76762cfbd8a3ef4c578424a0538e10371d6d6c3226a447e70c7ca937e.exe
4260	5c8c28d76762cfbd8a3ef4c578424a0538e10371d6d6c3226a447e70c7ca937e.exe
4260	5c8c28d76762cfbd8a3ef4c578424a0538e10371d6d6c3226a447e70c7ca937e.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact