Analysis
-
max time kernel
33s -
max time network
39s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
28-11-2022 05:15
Static task
static1
Behavioral task
behavioral1
Sample
7f8404744c12fbc241c4968e69788d3229d8cb9811fa5d6abf6a269a468c80ee.exe
Resource
win7-20220812-en
windows7-x64
3 signatures
150 seconds
General
-
Target
7f8404744c12fbc241c4968e69788d3229d8cb9811fa5d6abf6a269a468c80ee.exe
-
Size
973KB
-
MD5
2f86d8707af266dea18ea86da7c10479
-
SHA1
c135206087479a45b33d60693004a20a2506bdb1
-
SHA256
7f8404744c12fbc241c4968e69788d3229d8cb9811fa5d6abf6a269a468c80ee
-
SHA512
69d461d350710eeb1f47591e4f80bfd9ec29182c0712552bf766762baee6ad34822512754ec105e820b2d165f6a0b977a9ee95a48211a1e1b34d8f74b5ab1986
-
SSDEEP
24576:K+wU+0GRJBMyaosJdRnPUKGh6qltQpoRGbkZMA0uSrrm7wH5:IR0GRJ5RsBPUKGhtQugkZOSa5
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 1488 7f8404744c12fbc241c4968e69788d3229d8cb9811fa5d6abf6a269a468c80ee.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 1488 7f8404744c12fbc241c4968e69788d3229d8cb9811fa5d6abf6a269a468c80ee.exe 1488 7f8404744c12fbc241c4968e69788d3229d8cb9811fa5d6abf6a269a468c80ee.exe 1488 7f8404744c12fbc241c4968e69788d3229d8cb9811fa5d6abf6a269a468c80ee.exe 1488 7f8404744c12fbc241c4968e69788d3229d8cb9811fa5d6abf6a269a468c80ee.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\7f8404744c12fbc241c4968e69788d3229d8cb9811fa5d6abf6a269a468c80ee.exe"C:\Users\Admin\AppData\Local\Temp\7f8404744c12fbc241c4968e69788d3229d8cb9811fa5d6abf6a269a468c80ee.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1488