Overview

overview

7

Static

static

3100c094e0...5b.exe

windows7-x64

7

3100c094e0...5b.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    186s
  • max time network
    208s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/12/2022, 00:19

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3100c094e0adf9dae8e234095170fbcb5533c62ef08fcd9af892672b669c9d5b.exe

  • Size

    1.0MB

  • MD5

    3678d5bee06a37e5c3698c234ad794c5

  • SHA1

    774f3c5c2585bc2fd3834d0fc2662b613a91fdd8

  • SHA256

    3100c094e0adf9dae8e234095170fbcb5533c62ef08fcd9af892672b669c9d5b

  • SHA512

    567c8fffe7ab79ef5d1217a48c2aec283219dc131c13ad65e1016c5f981dc525bc822d7af7ed3ebf0146e58b82637a22b9a2fd77cace3807f53a541561115fec

  • SSDEEP

    24576:WtPzsaPxK4VBF6NHLsn5BB1nxdM6y9N1Fu0hyRl/:soaPxNF6ent1x+6y9Nt0d

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3100c094e0adf9dae8e234095170fbcb5533c62ef08fcd9af892672b669c9d5b.exe
    "C:\Users\Admin\AppData\Local\Temp\3100c094e0adf9dae8e234095170fbcb5533c62ef08fcd9af892672b669c9d5b.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:5088
    • C:\Users\Admin\AppData\Local\Temp\3100c094e0adf9dae8e234095170fbcb5533c62ef08fcd9af892672b669c9d5b.exe
      "C:\Users\Admin\AppData\Local\Temp\3100c094e0adf9dae8e234095170fbcb5533c62ef08fcd9af892672b669c9d5b.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:4588

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4588-133-0x0000000000400000-0x00000000004F5000-memory.dmp

          Filesize

          980KB

          Download

        • memory/4588-134-0x0000000000400000-0x00000000004F5000-memory.dmp

          Filesize

          980KB

          Download

        • memory/4588-135-0x0000000000400000-0x00000000004F5000-memory.dmp

          Filesize

          980KB

          Download

        • memory/4588-136-0x0000000000400000-0x00000000004F5000-memory.dmp

          Filesize

          980KB

          Download

        • memory/4588-137-0x0000000000400000-0x00000000004F5000-memory.dmp

          Filesize

          980KB

          Download