Overview

overview

10

Static

static

10

265cf03cb7...66.exe

windows7-x64

10

265cf03cb7...66.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-01-2023 02:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    265cf03cb735b976fa1ad587bdc35f0bddfc00f92455c9b804f01468a7e51c66.exe

  • Size

    100KB

  • MD5

    083119acb60804c6150d895d133c445a

  • SHA1

    b4ea74a0a0afe272478dc50a61925554d1638ea4

  • SHA256

    265cf03cb735b976fa1ad587bdc35f0bddfc00f92455c9b804f01468a7e51c66

  • SHA512

    075ecf257f97de8044189fefa6fb002211f8c2430fe488d6d12bdde514f932c4c316b1d9935179debf9f788203bbc0cd8b1172ea07e0aa40dc530ba6acb02a3b

  • SSDEEP

    1536:mJv5McKmdnrc4TXNPx1vZD8qlIGrUZ5Bx5MlD7wOHUN4ZKNJf:mJeunoMXN1I+E5B/M2O0OgF

Score
10/10
poullightspywarestealertrojan

Malware Config

Signatures

  • Poullight

    Poullight is an information stealer first seen in March 2020.

    trojanstealerpoullight
  • Poullight Stealer payload 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\265cf03cb735b976fa1ad587bdc35f0bddfc00f92455c9b804f01468a7e51c66.exe
    "C:\Users\Admin\AppData\Local\Temp\265cf03cb735b976fa1ad587bdc35f0bddfc00f92455c9b804f01468a7e51c66.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1740

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1740-132-0x0000023ACD870000-0x0000023ACD890000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1740-133-0x00007FFE98780000-0x00007FFE99241000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/1740-134-0x0000023ACDC60000-0x0000023ACDC6A000-memory.dmp
    Filesize

    40KB

    Download
  • memory/1740-135-0x00007FFE98780000-0x00007FFE99241000-memory.dmp
    Filesize

    10.8MB

    Download
  • memory/1740-136-0x0000023AE9F20000-0x0000023AEA0E2000-memory.dmp
    Filesize

    1.8MB

    Download
  • memory/1740-137-0x0000023AEA620000-0x0000023AEAB48000-memory.dmp
    Filesize

    5.2MB

    Download
  • memory/1740-138-0x0000023AE90D0000-0x0000023AE90E2000-memory.dmp
    Filesize

    72KB

    Download