ef4bddcebf517563f2e0d1791557c3757950e79b3e33fa786a203c1182dca768

Analysis

max time kernel
189s
max time network
201s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2022 06:49

Target

ef4bddcebf517563f2e0d1791557c3757950e79b3e33fa786a203c1182dca768.exe
Size

2.3MB
MD5

700be8dd95ea48a80417ad96c6f5f8d6
SHA1

844d1f88844996fc3fc46cfa2e9806e5daf13326
SHA256

ef4bddcebf517563f2e0d1791557c3757950e79b3e33fa786a203c1182dca768
SHA512

777c50c142c57ed3eed0881607171bb03ca0eae329df17288af3d39ed6643e345b5e8c0544350aec9216143baf50e63b5dd49cae06399ff07e4e11340fde282a
SSDEEP

49152:BHp1bPiRwA0aPdc1kEvoe6txJ6Wf7XzoY2:16JahortxJlD

Score

7^/10

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 5 IoCs

Processes:

ef4bddcebf517563f2e0d1791557c3757950e79b3e33fa786a203c1182dca768.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhbmojliagbancdcmookpmaaoipjifmc\124\manifest.json	ef4bddcebf517563f2e0d1791557c3757950e79b3e33fa786a203c1182dca768.exe
File created	C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhbmojliagbancdcmookpmaaoipjifmc\124\manifest.json	ef4bddcebf517563f2e0d1791557c3757950e79b3e33fa786a203c1182dca768.exe
File created	C:\Users\DefaultAccount\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhbmojliagbancdcmookpmaaoipjifmc\124\manifest.json	ef4bddcebf517563f2e0d1791557c3757950e79b3e33fa786a203c1182dca768.exe
File created	C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhbmojliagbancdcmookpmaaoipjifmc\124\manifest.json	ef4bddcebf517563f2e0d1791557c3757950e79b3e33fa786a203c1182dca768.exe
File created	C:\Users\WDAGUtilityAccount\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhbmojliagbancdcmookpmaaoipjifmc\124\manifest.json	ef4bddcebf517563f2e0d1791557c3757950e79b3e33fa786a203c1182dca768.exe

C:\Users\Admin\AppData\Local\Temp\ef4bddcebf517563f2e0d1791557c3757950e79b3e33fa786a203c1182dca768.exe
"C:\Users\Admin\AppData\Local\Temp\ef4bddcebf517563f2e0d1791557c3757950e79b3e33fa786a203c1182dca768.exe"
1⤵
- Drops Chrome extension
PID:1792

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

memory/1792-132-0x0000000000CC0000-0x0000000000D62000-memory.dmp

Filesize
648KB

Download