Overview

overview

8

Static

static

a8ab2358f2...85.exe

windows7-x64

8

a8ab2358f2...85.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    296s
  • max time network
    276s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-11-2022 21:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a8ab2358f2260e52a78ff8cf40a30c96d5fe72b9da0cd3f3859d7d77645fae85.exe

  • Size

    920KB

  • MD5

    17da1c87f7200efcb6279021956e15e4

  • SHA1

    bdaa690f5f1371c0c70219003429f10205fb732f

  • SHA256

    a8ab2358f2260e52a78ff8cf40a30c96d5fe72b9da0cd3f3859d7d77645fae85

  • SHA512

    759ecd272b0046a5c0f280018e86083bda7c58e0492dd164283e565a8eff82c706ae10e939be9ae95aaf76f44961ec84da10f8efbc885092e31632ad24ec1fd7

  • SSDEEP

    24576:h1OYdaObMtdHAqcdDVhYwiei7+EpFAh/kKW:h1OsSPHVmVhYwiLtKkKW

Score
8/10
spywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a8ab2358f2260e52a78ff8cf40a30c96d5fe72b9da0cd3f3859d7d77645fae85.exe
    "C:\Users\Admin\AppData\Local\Temp\a8ab2358f2260e52a78ff8cf40a30c96d5fe72b9da0cd3f3859d7d77645fae85.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:960
    • C:\Users\Admin\AppData\Local\Temp\7zSAC24.tmp\EDlGIqo4bS5o1eV.exe
      .\EDlGIqo4bS5o1eV.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1000

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7zSAC24.tmp\EDlGIqo4bS5o1eV.dat
    Filesize

    1KB

    MD5

    8a44108fa3d9faf300cdff80cd51026b

    SHA1

    9ced5a7b936baf8df103f76868a547152f55db36

    SHA256

    3377f47c1626fb8622dca4fc44de7378728dfd97e8e564da01a6c0b9c078830d

    SHA512

    8b88ad2ff01228a7a3f4a4131d16aee4aa40591d4d50a153329ba4009673271b149faa27913678d29c5b72542057580cf9b300d962a1569478a25e50064e0989

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\7zSAC24.tmp\EDlGIqo4bS5o1eV.exe
    Filesize

    760KB

    MD5

    dcd148f6f3af3e3b0935c4fcc9f41811

    SHA1

    ee9bdbc7c568c7832d90b85921ab20030b6734cd

    SHA256

    f8689641199c6fc430121797965485d95abfbc430753e0e668817ab3b511a1e4

    SHA512

    34be8e60dc2decf8287a71516f359e80bb858ce52218dde1b01c821c9b95be38821f068b79b0da8dbe90865560e7ddab77b25e3971dda9be667fb3ae8f174886

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\7zSAC24.tmp\EDlGIqo4bS5o1eV.exe
    Filesize

    760KB

    MD5

    dcd148f6f3af3e3b0935c4fcc9f41811

    SHA1

    ee9bdbc7c568c7832d90b85921ab20030b6734cd

    SHA256

    f8689641199c6fc430121797965485d95abfbc430753e0e668817ab3b511a1e4

    SHA512

    34be8e60dc2decf8287a71516f359e80bb858ce52218dde1b01c821c9b95be38821f068b79b0da8dbe90865560e7ddab77b25e3971dda9be667fb3ae8f174886

    Download Submit
  • memory/1000-132-0x0000000000000000-mapping.dmp
    Download