Analysis
-
max time kernel
151s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
25-11-2022 01:50
General
-
Target
4c2b3df6861e8fd741fa354d9b1b36209efd6fb2e33473389c6f06557cf5b414.exe
-
Size
326KB
-
MD5
c0908ca25850df085d10b650868c0668
-
SHA1
01d74bc94b3e07696be29ced2731f84c2eb8a5e3
-
SHA256
4c2b3df6861e8fd741fa354d9b1b36209efd6fb2e33473389c6f06557cf5b414
-
SHA512
f93b4e1da01b2a29a18693ada94054f14084d134b498f7dcd9c07504b1bf8590a99188e7d83609f70045c3be2bcb1114b6465c20d4ad1b8ad9ae3fc5fbc7ea63
-
SSDEEP
6144:znL4aJQaCqir7K3u3zy7gKymhXotr38aJOTdQmje5chHvLwoHtv80UWFR05Q6+1Z:zvyyvTYHw5TrUs
Score
7/10
Malware Config
Signatures
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Drops desktop.ini file(s) 2 IoCs
-
Drops file in Windows directory 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4c2b3df6861e8fd741fa354d9b1b36209efd6fb2e33473389c6f06557cf5b414.exe"C:\Users\Admin\AppData\Local\Temp\4c2b3df6861e8fd741fa354d9b1b36209efd6fb2e33473389c6f06557cf5b414.exe"1⤵
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2068-132-0x00007FFA96E20000-0x00007FFA97856000-memory.dmpFilesize
10.2MB