8330554a0d87fe3940a71bf2332dee7fda6ac78d7764e09e18fdbe62164af866

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2022 19:42

Target

8330554a0d87fe3940a71bf2332dee7fda6ac78d7764e09e18fdbe62164af866.exe
Size

1.7MB
MD5

c0cbdc09fff518e1ac49a44916e41094
SHA1

53b91cdb5178ac101c37f081cb6691353de325f4
SHA256

8330554a0d87fe3940a71bf2332dee7fda6ac78d7764e09e18fdbe62164af866
SHA512

3bb37d9083bcde5db536ca883096332f9f582920d7786e216ac53ef429ffd4c2c307a1933bd167b604788493a369f517c0aa7996dc8f819fe75f0a37ea213170
SSDEEP

24576:ivPWU1v8yo3m7Fb7uaNU2+wLBMawj/lQEOPf7SXlKW3nrCHI5uPzuMvCW34RURpV:42ieiiaslQEOPjSXjnrCMFWCWoRUN

Score

7^/10

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 5 IoCs

Processes:

8330554a0d87fe3940a71bf2332dee7fda6ac78d7764e09e18fdbe62164af866.exe

description	ioc	process
File created	C:\Users\WDAGUtilityAccount\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\171\manifest.json	8330554a0d87fe3940a71bf2332dee7fda6ac78d7764e09e18fdbe62164af866.exe
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\171\manifest.json	8330554a0d87fe3940a71bf2332dee7fda6ac78d7764e09e18fdbe62164af866.exe
File created	C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\171\manifest.json	8330554a0d87fe3940a71bf2332dee7fda6ac78d7764e09e18fdbe62164af866.exe
File created	C:\Users\DefaultAccount\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\171\manifest.json	8330554a0d87fe3940a71bf2332dee7fda6ac78d7764e09e18fdbe62164af866.exe
File created	C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggekjaligipajhljkbemifjgmlpcfkao\171\manifest.json	8330554a0d87fe3940a71bf2332dee7fda6ac78d7764e09e18fdbe62164af866.exe

C:\Users\Admin\AppData\Local\Temp\8330554a0d87fe3940a71bf2332dee7fda6ac78d7764e09e18fdbe62164af866.exe
"C:\Users\Admin\AppData\Local\Temp\8330554a0d87fe3940a71bf2332dee7fda6ac78d7764e09e18fdbe62164af866.exe"
1⤵
- Drops Chrome extension
PID:4868

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/4868-132-0x00000000027A0000-0x0000000002845000-memory.dmp

Filesize
660KB

Download