fe0b813147f600be5e63c90c476a6e18310f85132883cbe62ca510ca811ed998

Analysis

max time kernel
39s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe0b813147f600be5e63c90c476a6e18310f85132883cbe62ca510ca811ed998.exe
Size

80KB
MD5

582d15f5103a6ba3697ed6a0d42998bc
SHA1

2c88fa48aef185584a908beea726729a3acab090
SHA256

fe0b813147f600be5e63c90c476a6e18310f85132883cbe62ca510ca811ed998
SHA512

89b935794efb48571ac771144d434579b40c45d4308ba72834c4c31b32123210c2079ed791b358d3e278bfa661601cb8ee9a9c7907587a61657ccb65ac731b33
SSDEEP

1536:8lcbkxQBjOpHTJKqOPI8F62lvdczS4/eEByf4ExqK9/ziDvd:8likxQUtTJK5bhdcG4/eMyf4Eh9ziDd

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1624	DllHost.exe

C:\Users\Admin\AppData\Local\Temp\fe0b813147f600be5e63c90c476a6e18310f85132883cbe62ca510ca811ed998.exe
"C:\Users\Admin\AppData\Local\Temp\fe0b813147f600be5e63c90c476a6e18310f85132883cbe62ca510ca811ed998.exe"
1⤵
PID:1988

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
1⤵
- Suspicious use of FindShellTrayWindow
PID:1624

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ZURKA!.jpg

Filesize
39KB

MD5
f5c7fb1261838e8223b38d0ad993ba1c

SHA1
e36feefae6bce6a4653548fd172c1facc5716a92

SHA256
7241136aa8191e8226e1b9a646a9c39a945205dfde19288a0cff1afe6c88849d

SHA512
d60ba8a9a1238ab090842c65ef6e64b907d64d7704524c7a12d5022011cc1fc88e2dfab2eecf7a162306fc52044fc012f06b9d721e6d42b765c0dc9539cb0824

Download Submit
memory/1988-54-0x0000000075911000-0x0000000075913000-memory.dmp

Filesize
8KB

Download