ead3b800dcccdefeada1f825a3f1911040a965c93f16eed5c711317ab3fb7f0f

Analysis

max time kernel
91s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05-01-2023 12:49

Target

SоftwarеSetuрFilе.exe
Size

686.6MB
MD5

f5679ca36a2c3f5a619e7c35e3897db2
SHA1

55c95120c1e75389b2e45a18c0aa4bda38a9dcf9
SHA256

ead3b800dcccdefeada1f825a3f1911040a965c93f16eed5c711317ab3fb7f0f
SHA512

676bc18e5b19c7d2a44757b04667174704a23c82a4ec4b8db92bd66a63daa98cfed27337c58b6d0ffaec0cf6e9cf2a4215f1ca66d71a1e5c3964d6a9617f44f1
SSDEEP

49152:YmVlA7GqB6/KWpXeJpyYmJdIiDix/TYLAbJMZnMw2tNn1Or/GtXEJ+GRgD6Vk3jI:L8Na5XeJQpU/sLAKnMwoyXz

Score

7^/10

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1532	SоftwarеSetuрFilе.exe
1532	SоftwarеSetuрFilе.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1532	SоftwarеSetuрFilе.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/1532-132-0x0000000000F80000-0x0000000001080000-memory.dmp

Filesize
1024KB

Download
memory/1532-133-0x0000000000F80000-0x0000000001080000-memory.dmp

Filesize
1024KB

Download
memory/1532-134-0x00000000139F0000-0x0000000014008000-memory.dmp

Filesize
6.1MB

Download
memory/1532-135-0x0000000014010000-0x000000001411A000-memory.dmp

Filesize
1.0MB

Download
memory/1532-136-0x0000000014140000-0x0000000014152000-memory.dmp

Filesize
72KB

Download
memory/1532-137-0x0000000014160000-0x000000001419C000-memory.dmp

Filesize
240KB

Download
memory/1532-138-0x00000000152F0000-0x0000000015356000-memory.dmp

Filesize
408KB

Download
memory/1532-139-0x0000000015610000-0x00000000156A2000-memory.dmp

Filesize
584KB

Download
memory/1532-140-0x00000000156B0000-0x0000000015C54000-memory.dmp

Filesize
5.6MB

Download
memory/1532-141-0x0000000016020000-0x0000000016096000-memory.dmp

Filesize
472KB

Download
memory/1532-142-0x0000000015D70000-0x0000000015DC0000-memory.dmp

Filesize
320KB

Download
memory/1532-143-0x00000000160A0000-0x0000000016262000-memory.dmp

Filesize
1.8MB

Download
memory/1532-144-0x0000000016270000-0x000000001679C000-memory.dmp

Filesize
5.2MB

Download