9f4516a790217946fae936055e0e8ed479f4f9d4dd4500245e3a72416318a08f

Analysis

max time kernel
91s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 00:23

Target

9f4516a790217946fae936055e0e8ed479f4f9d4dd4500245e3a72416318a08f.exe
Size

1.0MB
MD5

b7092684a1ca132cbe81c65bf033b787
SHA1

56d296a580e1106d9ffe5cbc0fb7642ca47584c7
SHA256

9f4516a790217946fae936055e0e8ed479f4f9d4dd4500245e3a72416318a08f
SHA512

ec83c43958f0f0b363ce6a0e699651c080bb2f6d6bd84fe0dd55f50a6d485d968c3b3a87ee7e5556fab7ec91369b8b362374c62c61856609835f44dd13d08549
SSDEEP

24576:u0bs2agxSL4x33q7d9EljaB4CNpk0+LRjiF4pOaCgi5CICjNeo:uczHxSL4xK77EljaB4CNpk0+FuuOaCgZ

Score

7^/10

spyware stealer

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 868 set thread context of 3888	868	9f4516a790217946fae936055e0e8ed479f4f9d4dd4500245e3a72416318a08f.exe	80

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3888	9f4516a790217946fae936055e0e8ed479f4f9d4dd4500245e3a72416318a08f.exe
3888	9f4516a790217946fae936055e0e8ed479f4f9d4dd4500245e3a72416318a08f.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 868 wrote to memory of 3888	868	9f4516a790217946fae936055e0e8ed479f4f9d4dd4500245e3a72416318a08f.exe	80
PID 868 wrote to memory of 3888	868	9f4516a790217946fae936055e0e8ed479f4f9d4dd4500245e3a72416318a08f.exe	80
PID 868 wrote to memory of 3888	868	9f4516a790217946fae936055e0e8ed479f4f9d4dd4500245e3a72416318a08f.exe	80
PID 868 wrote to memory of 3888	868	9f4516a790217946fae936055e0e8ed479f4f9d4dd4500245e3a72416318a08f.exe	80
PID 868 wrote to memory of 3888	868	9f4516a790217946fae936055e0e8ed479f4f9d4dd4500245e3a72416318a08f.exe	80
PID 868 wrote to memory of 3888	868	9f4516a790217946fae936055e0e8ed479f4f9d4dd4500245e3a72416318a08f.exe	80
PID 868 wrote to memory of 3888	868	9f4516a790217946fae936055e0e8ed479f4f9d4dd4500245e3a72416318a08f.exe	80
PID 868 wrote to memory of 3888	868	9f4516a790217946fae936055e0e8ed479f4f9d4dd4500245e3a72416318a08f.exe	80
PID 868 wrote to memory of 3888	868	9f4516a790217946fae936055e0e8ed479f4f9d4dd4500245e3a72416318a08f.exe	80
PID 868 wrote to memory of 3888	868	9f4516a790217946fae936055e0e8ed479f4f9d4dd4500245e3a72416318a08f.exe	80

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/3888-133-0x0000000000400000-0x00000000004F2000-memory.dmp

Filesize
968KB

Download
memory/3888-134-0x0000000000400000-0x00000000004F2000-memory.dmp

Filesize
968KB

Download
memory/3888-135-0x0000000000400000-0x00000000004F2000-memory.dmp

Filesize
968KB

Download
memory/3888-136-0x0000000000400000-0x00000000004F2000-memory.dmp

Filesize
968KB

Download
memory/3888-137-0x0000000000400000-0x00000000004F2000-memory.dmp

Filesize
968KB

Download