Overview

overview

7

Static

static

file.exe

windows7-x64

7

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    67s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/01/2023, 17:23

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    5.4MB

  • MD5

    21f2009c37453c4bd539d3c2359732c5

  • SHA1

    82604168fc5fff29fcc38bd67d97b0771d7e78a3

  • SHA256

    0f65bc97cf2e48931942d8950ea0afbc63737ee2f133548bd851e07b58f9debb

  • SHA512

    4e3b48f18560efb63371862efb0bf2731b8ce69146627864fdba26637421e5ae7ca8640dad56d6f7c9b971be8e037e5fdb55bdc00c9e7b8ac20cacc8edd4fb73

  • SSDEEP

    49152:6tSHkCyvh0uhRLTxd+K7EIrbgGCpLXadU/8IrOZHZVRcfM62d7EpoW/61jn+E0tE:65veub/x6ebgGCpLXSRZ0hsx97Du

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4496

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads