d52d8a598d5cf1c03aba61a11ab4a121dd5953c16fc88376e7a104f08bbdcade

Analysis

max time kernel
58s
max time network
64s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
25-11-2022 06:59

Target

d52d8a598d5cf1c03aba61a11ab4a121dd5953c16fc88376e7a104f08bbdcade.exe
Size

937KB
MD5

17e4d61c6926746874365d79ff263818
SHA1

5e746df37fbbcfd26593d89997ffea84a89c6959
SHA256

d52d8a598d5cf1c03aba61a11ab4a121dd5953c16fc88376e7a104f08bbdcade
SHA512

177ed7745318e26e4e7e117ea5ac70bfa68c8996768bf326c4d67b676d3a7b57aca48db75b4f6f2f136f8c872e55e42f2dc00d0a2454e2f908a07044db2c8aa3
SSDEEP

24576:Oj4YKC2ab1h/h9s99JLU8xwRhscqUqAASgCcS5ej:tpCTbfh9sNLU8xwRXq78gfj

Score

7^/10

spyware stealer

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

d52d8a598d5cf1c03aba61a11ab4a121dd5953c16fc88376e7a104f08bbdcade.exe

pid process

304 d52d8a598d5cf1c03aba61a11ab4a121dd5953c16fc88376e7a104f08bbdcade.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

d52d8a598d5cf1c03aba61a11ab4a121dd5953c16fc88376e7a104f08bbdcade.exe

pid	process
304	d52d8a598d5cf1c03aba61a11ab4a121dd5953c16fc88376e7a104f08bbdcade.exe
304	d52d8a598d5cf1c03aba61a11ab4a121dd5953c16fc88376e7a104f08bbdcade.exe
304	d52d8a598d5cf1c03aba61a11ab4a121dd5953c16fc88376e7a104f08bbdcade.exe
304	d52d8a598d5cf1c03aba61a11ab4a121dd5953c16fc88376e7a104f08bbdcade.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

memory/304-54-0x0000000074C91000-0x0000000074C93000-memory.dmp

Filesize
8KB

Download