Analysis

  • max time kernel: 263s
  • max time network: 321s
  • platform: windows10-2004_x64
  • resource: win10v2004-20221111-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 24-11-2022 19:43

General

  • Target: c20624bce48c4b0f9ed8cff8d51fcd3017ae53e42eef682dcfbe8f63ff8fbfad.exe
  • Size: 919KB
  • MD5: fd6c91c19dd5565ddf9223e74dfbebff
  • SHA1: 0c2f84b59115b08930a74d545958ae972f12e3f8
  • SHA256: c20624bce48c4b0f9ed8cff8d51fcd3017ae53e42eef682dcfbe8f63ff8fbfad
  • SHA512: 5030b5f7223f16dc90ccf3a0ebc6f21075a86b55fdefddcef9abf7b4d6cdbe1e133a004ab28fb24026b18379be46b127aac4b3049593ab88d1d72184ee0ee310
  • SSDEEP: 24576:h1OYdaOLMtdHAqcdDVhYwiei7+EpFAh/kKy:h1OsCPHVmVhYwiLtKkKy

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Suspicious behavior: EnumeratesProcesses (12 IoCs)
  • Suspicious use of AdjustPrivilegeToken (6 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\c20624bce48c4b0f9ed8cff8d51fcd3017ae53e42eef682dcfbe8f63ff8fbfad.exe (PID 2124, tree level 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\c20624bce48c4b0f9ed8cff8d51fcd3017ae53e42eef682dcfbe8f63ff8fbfad.exe"
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\7zSC7BB.tmp\hhECqWZ1G9fJxhr.exe (PID 5044, tree level 2, spawned by PID 2124)
      Command line: .\hhECqWZ1G9fJxhr.exe
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files (T1081), count 1
  • Collection: Data from Local System (T1005), count 1

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zSC7BB.tmp\hhECqWZ1G9fJxhr.dat
    Filesize: 1KB
    MD5: b1e0649773830d4dc46b471ed226b3ee
    SHA1: 56cfc01f1261737a1209ebc6e8ac6ae9b60966a0
    SHA256: ebe919bfdb79715cbc070f1d4cb0d8aaff134917711baed78fff898582b2e086
    SHA512: 29520d30a42850188a17182cd41613596ea231bab2f4f9bbe6f8ea35ca4a8999a71726cf8e0032872fbac3a3fc19944430b6c4facc8cfdc4356aff40ed295b6a

  • C:\Users\Admin\AppData\Local\Temp\7zSC7BB.tmp\hhECqWZ1G9fJxhr.exe
    Filesize: 760KB
    MD5: dcd148f6f3af3e3b0935c4fcc9f41811
    SHA1: ee9bdbc7c568c7832d90b85921ab20030b6734cd
    SHA256: f8689641199c6fc430121797965485d95abfbc430753e0e668817ab3b511a1e4
    SHA512: 34be8e60dc2decf8287a71516f359e80bb858ce52218dde1b01c821c9b95be38821f068b79b0da8dbe90865560e7ddab77b25e3971dda9be667fb3ae8f174886

  • memory/5044-132-0x0000000000000000-mapping.dmp