Overview

overview

7

Static

static

8890da59fa...5a.exe

windows7-x64

7

8890da59fa...5a.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    153s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-11-2022 07:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8890da59fa55d62e7f2af20ae300610c1525502a9ffe54a8e39802bf6fccd45a.exe

  • Size

    1.1MB

  • MD5

    e5c90586782654161d367a0b917f2c11

  • SHA1

    6bd3a5befce8d8853e56689fe5379ad213774915

  • SHA256

    8890da59fa55d62e7f2af20ae300610c1525502a9ffe54a8e39802bf6fccd45a

  • SHA512

    d416a6b80acbb9c610d96b57ff7142a5c4b8d4d750b25952718031118dc004e1c2b2c14fb62e887d855a173ad39b40681fce7f9c4fcd5f21124ae3277c67064a

  • SSDEEP

    24576:iZuufNfHuZDIahRUJ8laSNovBq0fTQ+thff0lXh:iXf8hhraJLTztlmh

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops Chrome extension 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8890da59fa55d62e7f2af20ae300610c1525502a9ffe54a8e39802bf6fccd45a.exe
    "C:\Users\Admin\AppData\Local\Temp\8890da59fa55d62e7f2af20ae300610c1525502a9ffe54a8e39802bf6fccd45a.exe"
    1⤵
    • Drops Chrome extension
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2820
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
    1⤵
      PID:4508
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
      1⤵
        PID:4524

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2820-132-0x0000000002650000-0x0000000002717000-memory.dmp

        Filesize

        796KB

        Download