Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    112s
  • max time network
    115s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-02-2023 16:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    416KB

  • MD5

    05cce02c0341e2ccb097cc41bac3a92a

  • SHA1

    d246a6d26cab9b912e778f34e0a088256e4f5c42

  • SHA256

    5bab80a861d325c8cf98c898f427da01676b465de826543fd435b7a7ffbafdb8

  • SHA512

    1abb5f377682e6674604f256eb78bcbbeccfb6133cd8140b96dcd2061ff9c8a17faef81b419b5bb2a9d8c9cc86ad034e0d2dbc28e892e415284c06c6a53371de

  • SSDEEP

    6144:L2Orptl2sH4+mNBHJ3mFAJQgxYiYs8W/sUxLiqeBlv:LX9Pj8p37JHYXoho9

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2548

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2548-132-0x0000000004D60000-0x0000000005304000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/2548-133-0x00000000006DF000-0x000000000070D000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2548-135-0x0000000000400000-0x00000000004E3000-memory.dmp

    Filesize

    908KB

    Download

  • memory/2548-134-0x0000000002160000-0x00000000021C2000-memory.dmp

    Filesize

    392KB

    Download

  • memory/2548-136-0x0000000005310000-0x0000000005928000-memory.dmp

    Filesize

    6.1MB

    Download

  • memory/2548-137-0x00000000028E0000-0x00000000028F2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2548-138-0x0000000005930000-0x0000000005A3A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2548-139-0x0000000005A40000-0x0000000005A7C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/2548-140-0x00000000006DF000-0x000000000070D000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2548-141-0x0000000006110000-0x0000000006176000-memory.dmp

    Filesize

    408KB

    Download

  • memory/2548-142-0x0000000006540000-0x00000000065D2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/2548-143-0x0000000006700000-0x0000000006776000-memory.dmp

    Filesize

    472KB

    Download

  • memory/2548-144-0x00000000067F0000-0x00000000069B2000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2548-145-0x00000000069C0000-0x0000000006EEC000-memory.dmp

    Filesize

    5.2MB

    Download

  • memory/2548-146-0x0000000007000000-0x000000000701E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2548-147-0x00000000006DF000-0x000000000070D000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2548-148-0x0000000000400000-0x00000000004E3000-memory.dmp

    Filesize

    908KB

    Download