cd630f7f5f0aa05e32fe442ad569c6f269c048fcdf6eae3006b364c400e9fae2

Analysis

max time kernel
166s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 04:09

Target

cd630f7f5f0aa05e32fe442ad569c6f269c048fcdf6eae3006b364c400e9fae2.exe
Size

79KB
MD5

88f931d24be1478b2e879d32ca6ddc01
SHA1

7d0950127c3b9fe9d753e9d5723c3998bfaaead2
SHA256

cd630f7f5f0aa05e32fe442ad569c6f269c048fcdf6eae3006b364c400e9fae2
SHA512

1a105c991c5a6e3a7f823318d2c71b83072dec4d3e03212fc07b8f0b461441f4532caa819bf4416947b69e8fc8e01ba5311a42266e5bf18247a84e57dafd56cb
SSDEEP

1536:5qBcii4oxvWULLrlnm5a36IJaGAixcEvE:5qBcefMLBnmngrAiv8

Score

7^/10

spyware stealer

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1596	2620	WerFault.exe	64

C:\Users\Admin\AppData\Local\Temp\cd630f7f5f0aa05e32fe442ad569c6f269c048fcdf6eae3006b364c400e9fae2.exe
"C:\Users\Admin\AppData\Local\Temp\cd630f7f5f0aa05e32fe442ad569c6f269c048fcdf6eae3006b364c400e9fae2.exe"
1⤵
PID:2620
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 472
  2⤵
  - Program crash
  PID:1596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2620 -ip 2620
1⤵
PID:2128

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact