19a9991151e70bfdedf54de5d81b7c469433af59a1e1348f5b6ad2d105e4349c

Analysis

max time kernel
28s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
28/11/2022, 05:47

Target

19a9991151e70bfdedf54de5d81b7c469433af59a1e1348f5b6ad2d105e4349c.exe
Size

973KB
MD5

cca8e55d795d1ea71a336e573f4cb38f
SHA1

9439b10424ce55d2ebda1b05b3a0e09123d851e1
SHA256

19a9991151e70bfdedf54de5d81b7c469433af59a1e1348f5b6ad2d105e4349c
SHA512

3f463ffe8121b2c536ec3e32800b6cf811d0149547de1b404fdf35501785b84bbffd50dbaa23a41cedbd38268eee4bc189e3a434ee39cb66445ac52ee672effc
SSDEEP

24576:K+wU+0GRJBMyaosJdRnPUKGh6qltQpoRGbkZMA0uSrrl7wH5:IR0GRJ5RsBPUKGhtQugkZOHa5

Score

7^/10

spyware stealer

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1212	19a9991151e70bfdedf54de5d81b7c469433af59a1e1348f5b6ad2d105e4349c.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1212	19a9991151e70bfdedf54de5d81b7c469433af59a1e1348f5b6ad2d105e4349c.exe
1212	19a9991151e70bfdedf54de5d81b7c469433af59a1e1348f5b6ad2d105e4349c.exe
1212	19a9991151e70bfdedf54de5d81b7c469433af59a1e1348f5b6ad2d105e4349c.exe
1212	19a9991151e70bfdedf54de5d81b7c469433af59a1e1348f5b6ad2d105e4349c.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/1212-54-0x0000000074F01000-0x0000000074F03000-memory.dmp

Filesize
8KB

Download