9d2211ec3a834c4c727d1910460d97b5bd864b4bb9a58fb73dfbf432cb0f342c

Analysis

max time kernel
152s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2022 01:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9d2211ec3a834c4c727d1910460d97b5bd864b4bb9a58fb73dfbf432cb0f342c.exe
Size

983KB
MD5

560880c37e770ce5b381ee7488f7fa87
SHA1

87f1fd19ef1d3f163739f6ae687039b40efdff83
SHA256

9d2211ec3a834c4c727d1910460d97b5bd864b4bb9a58fb73dfbf432cb0f342c
SHA512

62c007e0e17f95487dfb2b5f81f2fe57f508ca9930192bee39babc296205d130141388f7ea2ac7e76a093335146cb5d8c238fbf3848ae31712a658f5be8be66a
SSDEEP

12288:ldF0K5feXW63uv53WkHbFaFk5d7P92ITL0+K6H0XpJO5blv2Sq7vun5++mKsH8Sz:fFZUfeJ7YI8+K6H0Zspvsvu5oTGBA

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2404 set thread context of 4412	2404	9d2211ec3a834c4c727d1910460d97b5bd864b4bb9a58fb73dfbf432cb0f342c.exe	79

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 4412	2404	9d2211ec3a834c4c727d1910460d97b5bd864b4bb9a58fb73dfbf432cb0f342c.exe	79
PID 2404 wrote to memory of 4412	2404	9d2211ec3a834c4c727d1910460d97b5bd864b4bb9a58fb73dfbf432cb0f342c.exe	79
PID 2404 wrote to memory of 4412	2404	9d2211ec3a834c4c727d1910460d97b5bd864b4bb9a58fb73dfbf432cb0f342c.exe	79
PID 2404 wrote to memory of 4412	2404	9d2211ec3a834c4c727d1910460d97b5bd864b4bb9a58fb73dfbf432cb0f342c.exe	79
PID 2404 wrote to memory of 4412	2404	9d2211ec3a834c4c727d1910460d97b5bd864b4bb9a58fb73dfbf432cb0f342c.exe	79
PID 2404 wrote to memory of 4412	2404	9d2211ec3a834c4c727d1910460d97b5bd864b4bb9a58fb73dfbf432cb0f342c.exe	79
PID 2404 wrote to memory of 4412	2404	9d2211ec3a834c4c727d1910460d97b5bd864b4bb9a58fb73dfbf432cb0f342c.exe	79
PID 2404 wrote to memory of 4412	2404	9d2211ec3a834c4c727d1910460d97b5bd864b4bb9a58fb73dfbf432cb0f342c.exe	79

C:\Users\Admin\AppData\Local\Temp\9d2211ec3a834c4c727d1910460d97b5bd864b4bb9a58fb73dfbf432cb0f342c.exe
"C:\Users\Admin\AppData\Local\Temp\9d2211ec3a834c4c727d1910460d97b5bd864b4bb9a58fb73dfbf432cb0f342c.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Users\Admin\AppData\Local\Temp\9d2211ec3a834c4c727d1910460d97b5bd864b4bb9a58fb73dfbf432cb0f342c.exe
  "C:\Users\Admin\AppData\Local\Temp\9d2211ec3a834c4c727d1910460d97b5bd864b4bb9a58fb73dfbf432cb0f342c.exe"
  2⤵
  PID:4412

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\9d2211ec3a834c4c727d1910460d97b5bd864b4bb9a58fb73dfbf432cb0f342c.exe.log

Filesize
223B

MD5
1cc4c5b51e50ec74a6880b50ecbee28b

SHA1
1ba7bb0e86c3d23fb0dc8bf16798d37afb4c4aba

SHA256
0556734df26e82e363d47748a3ceedd5c23ea4b9ded6e68bd5c373c1c9f8777b

SHA512
5d5532602b381125b24a9bd78781ed722ce0c862214ef17e7d224d269e6e7045c919ab19896dd8d9ae8920726092efe0ffb776a77a9a9539c4a70188d5a4c706

Download Submit
memory/2404-132-0x0000000074AC0000-0x0000000075071000-memory.dmp

Filesize
5.7MB

Download
memory/2404-133-0x0000000074AC0000-0x0000000075071000-memory.dmp

Filesize
5.7MB

Download
memory/2404-140-0x0000000074AC0000-0x0000000075071000-memory.dmp

Filesize
5.7MB

Download
memory/4412-135-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/4412-136-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/4412-137-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/4412-141-0x0000000074AC0000-0x0000000075071000-memory.dmp

Filesize
5.7MB

Download
memory/4412-142-0x0000000074AC0000-0x0000000075071000-memory.dmp

Filesize
5.7MB

Download
memory/4412-143-0x0000000074AC0000-0x0000000075071000-memory.dmp

Filesize
5.7MB

Download