Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    106s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/02/2023, 04:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    395KB

  • MD5

    20d78fee05f2b1a78ec3e4afb4f66014

  • SHA1

    9da8146f201b568752186870b5bb69f122119914

  • SHA256

    fc311b42a5e6430bdd1e16913ebf1027deefb6ce28ce29a5a0524b97ccda9cb3

  • SHA512

    858f30fe8b0c9ba0f2dc30aa22818556cfc6e0c8d197f34eb0b50ac4f4075dda9ca919181fbc29744ec400794c882dcac43ebff122157b991b33780fb20c2dce

  • SSDEEP

    6144:pLCfLROIML/5EKckbyty4GzNgmIeebJ1u6VI4CGuQj9Bb5a:Zwlbc/5FnygrRgneevjntljft

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4288
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 1448
      2⤵
      • Program crash
      PID:1408
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4288 -ip 4288
    1⤵
      PID:1348

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4288-132-0x0000000004CF0000-0x0000000005294000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/4288-133-0x00000000006CF000-0x00000000006FD000-memory.dmp

      Filesize

      184KB

      Download

    • memory/4288-135-0x0000000000400000-0x00000000004DF000-memory.dmp

      Filesize

      892KB

      Download

    • memory/4288-134-0x0000000002150000-0x00000000021B2000-memory.dmp

      Filesize

      392KB

      Download

    • memory/4288-136-0x00000000052A0000-0x00000000058B8000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/4288-137-0x00000000058F0000-0x0000000005902000-memory.dmp

      Filesize

      72KB

      Download

    • memory/4288-138-0x0000000005910000-0x0000000005A1A000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4288-139-0x0000000005A20000-0x0000000005A5C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/4288-140-0x0000000005D30000-0x0000000005D96000-memory.dmp

      Filesize

      408KB

      Download

    • memory/4288-141-0x0000000006400000-0x0000000006492000-memory.dmp

      Filesize

      584KB

      Download

    • memory/4288-142-0x00000000064B0000-0x0000000006526000-memory.dmp

      Filesize

      472KB

      Download

    • memory/4288-143-0x0000000006580000-0x000000000659E000-memory.dmp

      Filesize

      120KB

      Download

    • memory/4288-144-0x0000000006620000-0x00000000067E2000-memory.dmp

      Filesize

      1.8MB

      Download

    • memory/4288-145-0x00000000067F0000-0x0000000006D1C000-memory.dmp

      Filesize

      5.2MB

      Download

    • memory/4288-146-0x00000000006CF000-0x00000000006FD000-memory.dmp

      Filesize

      184KB

      Download

    • memory/4288-147-0x0000000000400000-0x00000000004DF000-memory.dmp

      Filesize

      892KB

      Download