e2e4a835f18a4c933d63439000c82e93f68f23b57d3b41bc0a205d2ad51804a4 | Triage

Analysis

max time kernel
43s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 00:46

Sharing

Report Analysis Logs

General

Target

e2e4a835f18a4c933d63439000c82e93f68f23b57d3b41bc0a205d2ad51804a4.exe
Size

21KB
MD5

63cfc72b5ec01d9100db48ce0353963b
SHA1

a798098d774cedd7556b87a2985c9b951470d761
SHA256

e2e4a835f18a4c933d63439000c82e93f68f23b57d3b41bc0a205d2ad51804a4
SHA512

46959bcb9daa73763bfe65666cf1af05a42185ae1affd6cbccd698530654f12a0c653da8eb7e9a29e6d7f283d293e6e05c98d5f2653d5f5e8554fb3eb48c50b4
SSDEEP

384:Rd6o+tAzR67J0VvMVOzHVgfSGByae3ByBbzxFxvowRj7aoWjReMzcfuG:R4oMAzR66LwCwBbzx3owA

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\e2e4a835f18a4c933d63439000c82e93f68f23b57d3b41bc0a205d2ad51804a4.exe
"C:\Users\Admin\AppData\Local\Temp\e2e4a835f18a4c933d63439000c82e93f68f23b57d3b41bc0a205d2ad51804a4.exe"
1⤵
PID:1716

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1716-54-0x00000000765B1000-0x00000000765B3000-memory.dmp

Filesize
8KB

Download