Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/02/2023, 21:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    421KB

  • MD5

    a64192758f007855605a937e59c34f5c

  • SHA1

    9146136b8edfaf33a417be2d0d29b9fa4e9fd814

  • SHA256

    ba504fe81eba382ceb7bf5ab201a0c171cd12d3df8aba5a89d6fd2625e704a25

  • SHA512

    16519b533fd1cc4d8bf6664d44d026ef5dee70dd2df47a80d3c03bfe8d19ed2a05ad34449236dd629527add818c2946df1915e2285b7c79a1af6357bb8e71458

  • SSDEEP

    6144:Gxw91LVMiWE5aSd5YRJmKSwwRvONGHU8p7sH5Ac3lwKwpxfjV6ptCbNKN:Gxw915M9yaSQbFSwa2N+U8pYZAglej

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4056
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 1248
      2⤵
      • Program crash
      PID:4676
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4056 -ip 4056
    1⤵
      PID:4636

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4056-132-0x000000000079E000-0x00000000007CC000-memory.dmp

      Filesize

      184KB

      Download

    • memory/4056-133-0x0000000002220000-0x0000000002282000-memory.dmp

      Filesize

      392KB

      Download

    • memory/4056-134-0x0000000000400000-0x0000000000484000-memory.dmp

      Filesize

      528KB

      Download

    • memory/4056-135-0x0000000004DD0000-0x0000000005374000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/4056-136-0x0000000005380000-0x0000000005998000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/4056-137-0x0000000004CC0000-0x0000000004CD2000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4056-138-0x00000000059A0000-0x0000000005AAA000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4056-139-0x0000000004CE0000-0x0000000004D1C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/4056-140-0x0000000005E30000-0x0000000005E96000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4056-141-0x00000000064F0000-0x0000000006582000-memory.dmp

      Filesize

      584KB

      Download

    • memory/4056-142-0x00000000066A0000-0x0000000006716000-memory.dmp

      Filesize

      472KB

      Download

    • memory/4056-143-0x0000000006750000-0x000000000676E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/4056-144-0x000000000079E000-0x00000000007CC000-memory.dmp

      Filesize

      184KB

      Download

    • memory/4056-145-0x0000000006880000-0x0000000006A42000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/4056-146-0x0000000006A50000-0x0000000006F7C000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/4056-147-0x000000000079E000-0x00000000007CC000-memory.dmp

      Filesize

      184KB

      Download

    • memory/4056-148-0x0000000000400000-0x0000000000484000-memory.dmp

      Filesize

      528KB

      Download