Overview

overview

7

Static

static

2c17beafd0...f9.exe

windows7-x64

7

2c17beafd0...f9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    69s
  • max time network
    133s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/11/2022, 19:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2c17beafd02d1ba5ac92e59ae5dc15c2a6d1b08b16e71ddaea1bd76c7ca64ff9.exe

  • Size

    2.9MB

  • MD5

    6be1019a5a62543ad406da08b43fe42c

  • SHA1

    df4f2e33877167207ea61c527b228894d628d4f9

  • SHA256

    2c17beafd02d1ba5ac92e59ae5dc15c2a6d1b08b16e71ddaea1bd76c7ca64ff9

  • SHA512

    770a140ad1c44b779aeeb2d2416a0f8652e280b4efc2114b21bff2c9e386dc6de2ce195773b36d01ae11e0c3092c4b89b4c04eb67c9f221d0622f962fdc4d033

  • SSDEEP

    49152:FtSReSLtvO/jOL3IdN190bZWKHkLRMUBtPuLC2wg:/lSR3LU90b0uKftK

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops Chrome extension 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c17beafd02d1ba5ac92e59ae5dc15c2a6d1b08b16e71ddaea1bd76c7ca64ff9.exe
    "C:\Users\Admin\AppData\Local\Temp\2c17beafd02d1ba5ac92e59ae5dc15c2a6d1b08b16e71ddaea1bd76c7ca64ff9.exe"
    1⤵
    • Drops Chrome extension
    • Suspicious behavior: EnumeratesProcesses
    PID:768

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/768-132-0x0000000003410000-0x00000000034B6000-memory.dmp

    Filesize

    664KB

    Download