78b8812cd90752658203de4aecdcef5316ad000860f77b77bff8feec182828c2

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
28/11/2022, 05:17

Target

78b8812cd90752658203de4aecdcef5316ad000860f77b77bff8feec182828c2.exe
Size

973KB
MD5

fbb3796fae6bf4e5572724b0912bc734
SHA1

4c4827a0e3610d152ad60e2f16c767ef2698c528
SHA256

78b8812cd90752658203de4aecdcef5316ad000860f77b77bff8feec182828c2
SHA512

5d354ecd34ba1fd001e5876a4bf9a36b7da3417c633339c372848d80654223866f1caf1c909682128695554870bd87e44b29e2f8249fba25257b70f72041ba32
SSDEEP

24576:K+wU+0GRJBMyaosJdRnPUKGh6qltQpoRGbkZMA0uSrre7wH5:IR0GRJ5RsBPUKGhtQugkZOKa5

Score

7^/10

spyware stealer

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1700	78b8812cd90752658203de4aecdcef5316ad000860f77b77bff8feec182828c2.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1700	78b8812cd90752658203de4aecdcef5316ad000860f77b77bff8feec182828c2.exe
1700	78b8812cd90752658203de4aecdcef5316ad000860f77b77bff8feec182828c2.exe
1700	78b8812cd90752658203de4aecdcef5316ad000860f77b77bff8feec182828c2.exe
1700	78b8812cd90752658203de4aecdcef5316ad000860f77b77bff8feec182828c2.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/1700-54-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

Filesize
8KB

Download