967bc98873d83c82db5cae736cc195664b97194c9936ced47344c55178e60284 | Triage

Analysis

max time kernel
150s
max time network
191s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 08:55

Sharing

Report Analysis Logs

General

Target

967bc98873d83c82db5cae736cc195664b97194c9936ced47344c55178e60284.exe
Size

92KB
MD5

c77b97954791f7cd121d9ccec76fd478
SHA1

829e70b20ea2a748b4ac74e95d2cd3670f0e3783
SHA256

967bc98873d83c82db5cae736cc195664b97194c9936ced47344c55178e60284
SHA512

fe6e4f83be2faa66972d5546eb1055d1b04de7635998c2db4a9786adf02102a07b8ed1e5d864650de5e059549dd2851d5cccfbef5f93a67d3c0394543fb5bb5e
SSDEEP

1536:WDGe2DKV7GcAJ4cRpa/Tb66JNULlSZ5h6T714g8RAdg8huqQNWOTUr3ABi:3e2DCGcY4cRpa/T+3LlU5MmgjFEVWOg3

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\967bc98873d83c82db5cae736cc195664b97194c9936ced47344c55178e60284.exe
"C:\Users\Admin\AppData\Local\Temp\967bc98873d83c82db5cae736cc195664b97194c9936ced47344c55178e60284.exe"
1⤵
PID:1932

C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
1⤵
PID:4568

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1932-132-0x00000000005B0000-0x00000000005CB000-memory.dmp

Filesize
108KB

Download
memory/1932-133-0x00000000005B0000-0x00000000005CB000-memory.dmp

Filesize
108KB

Download
memory/1932-134-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/1932-135-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download