Analysis
-
max time kernel
178s -
max time network
189s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system -
submitted
05-12-2022 17:29
Behavioral task
behavioral1
Sample
85c0f83a9344d2571e79a73829ebe22bd2e8972e15da7fd9a1ee19e67568ecb4.exe
Resource
win7-20221111-en
General
-
Target
85c0f83a9344d2571e79a73829ebe22bd2e8972e15da7fd9a1ee19e67568ecb4.exe
-
Size
556KB
-
MD5
5c051b713477ced9bb9ea9771d0e9b91
-
SHA1
add65c0f23ac8b0326437bee5cf926854e2c9a8f
-
SHA256
85c0f83a9344d2571e79a73829ebe22bd2e8972e15da7fd9a1ee19e67568ecb4
-
SHA512
a3b88509e1d62b9038b4cefa69a186d3b944d12950a9196387125ab824ef8a2de501d77a363bfd6cde801a06485297876adfc56faa184d3857b15fef27e12b82
-
SSDEEP
12288:yGosTxSzpDq5VNYdyOshT5l4/86CaIhvPfNMIM1P27QwMMT6:yGosTxSEXzOV/UaIBNLMp20wMMT6
Malware Config
Signatures
-
resource yara_rule behavioral2/memory/1632-132-0x0000000000400000-0x0000000000522000-memory.dmp upx behavioral2/memory/1632-133-0x0000000000400000-0x0000000000522000-memory.dmp upx behavioral2/memory/1632-134-0x0000000000400000-0x0000000000522000-memory.dmp upx -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in Program Files directory 1 IoCs
description ioc Process File created C:\PROGRA~2\is240591203.log 85c0f83a9344d2571e79a73829ebe22bd2e8972e15da7fd9a1ee19e67568ecb4.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 1632 85c0f83a9344d2571e79a73829ebe22bd2e8972e15da7fd9a1ee19e67568ecb4.exe 1632 85c0f83a9344d2571e79a73829ebe22bd2e8972e15da7fd9a1ee19e67568ecb4.exe