Overview

overview

7

Static

static

2ddd4e1d85...1f.exe

windows7-x64

7

2ddd4e1d85...1f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    63s
  • max time network
    92s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 06:01

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2ddd4e1d8556911d839d9385810ebeb28ca5765c54ea88017b3d3f5344c9af1f.exe

  • Size

    1.0MB

  • MD5

    7bf49465aa9316f76f79625b1a46fbfe

  • SHA1

    446629a7e0d60d514277e44db7468f3a2f5cf401

  • SHA256

    2ddd4e1d8556911d839d9385810ebeb28ca5765c54ea88017b3d3f5344c9af1f

  • SHA512

    4484bb73435aa99247c4296b0500b4918759da58982ace18462f0e73f4b98fae957890287ef9dcea623eed5bc62ff52b4b7ead3888eee04e41238f8892e38450

  • SSDEEP

    24576:PB8+mu4DXEz/XVsR0FJc78OhJBgRPflYm8CcP2FRGmbl+aoNt0u:POgWe+EYmEaoNj

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ddd4e1d8556911d839d9385810ebeb28ca5765c54ea88017b3d3f5344c9af1f.exe
    "C:\Users\Admin\AppData\Local\Temp\2ddd4e1d8556911d839d9385810ebeb28ca5765c54ea88017b3d3f5344c9af1f.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1676
    • C:\Users\Admin\AppData\Local\Temp\2ddd4e1d8556911d839d9385810ebeb28ca5765c54ea88017b3d3f5344c9af1f.exe
      "C:\Users\Admin\AppData\Local\Temp\2ddd4e1d8556911d839d9385810ebeb28ca5765c54ea88017b3d3f5344c9af1f.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2036

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2036-54-0x0000000000400000-0x00000000004F5000-memory.dmp

          Filesize

          980KB

          Download

        • memory/2036-55-0x0000000000400000-0x00000000004F5000-memory.dmp

          Filesize

          980KB

          Download

        • memory/2036-57-0x0000000000400000-0x00000000004F5000-memory.dmp

          Filesize

          980KB

          Download

        • memory/2036-59-0x0000000000400000-0x00000000004F5000-memory.dmp

          Filesize

          980KB

          Download

        • memory/2036-61-0x0000000000400000-0x00000000004F5000-memory.dmp

          Filesize

          980KB

          Download

        • memory/2036-63-0x0000000000400000-0x00000000004F5000-memory.dmp

          Filesize

          980KB

          Download

        • memory/2036-65-0x0000000000400000-0x00000000004F5000-memory.dmp

          Filesize

          980KB

          Download

        • memory/2036-68-0x00000000753C1000-0x00000000753C3000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2036-69-0x0000000000400000-0x00000000004F5000-memory.dmp

          Filesize

          980KB

          Download

        • memory/2036-70-0x0000000000400000-0x00000000004F5000-memory.dmp

          Filesize

          980KB

          Download

        • memory/2036-71-0x0000000000400000-0x00000000004F5000-memory.dmp

          Filesize

          980KB

          Download