Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    186s
  • max time network
    187s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/02/2023, 05:03

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    481KB

  • MD5

    8a9b1ae9228ac082ca44cb579ed44287

  • SHA1

    68b101778eb47e73c6295a7ae9c9829100dbb36a

  • SHA256

    17d106c92dfc1083e1fb57b3e4c6bd074361d6f658a21c7548c58f7a36b4fe09

  • SHA512

    22e47b5013e3d0bac830766247b32a550a1e5f6b9e64581a55707bc13134fa97af9846a2f9d9e3169ce175e2b768f3a034d78ff054f86346861e4dab1bf95dd5

  • SSDEEP

    6144:vBdSrXqk8SEoiwW5o+pzT7R2i/52FO8YvLSqA1hnyMMdkTmwTZt5D:vCvsoi9oyzfjB2wFLSqQhXMdkiw

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4760

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4760-132-0x000000000060D000-0x000000000063B000-memory.dmp

          Filesize

          184KB

          Download

        • memory/4760-133-0x0000000002260000-0x00000000022C2000-memory.dmp

          Filesize

          392KB

          Download

        • memory/4760-134-0x0000000000400000-0x00000000004DF000-memory.dmp

          Filesize

          892KB

          Download

        • memory/4760-135-0x0000000004C80000-0x0000000005224000-memory.dmp

          Filesize

          5.6MB

          Download

        • memory/4760-136-0x000000000060D000-0x000000000063B000-memory.dmp

          Filesize

          184KB

          Download

        • memory/4760-137-0x0000000005290000-0x00000000058A8000-memory.dmp

          Filesize

          6.1MB

          Download

        • memory/4760-138-0x00000000058F0000-0x0000000005902000-memory.dmp

          Filesize

          72KB

          Download

        • memory/4760-139-0x0000000005910000-0x0000000005A1A000-memory.dmp

          Filesize

          1.0MB

          Download

        • memory/4760-140-0x0000000005A20000-0x0000000005A5C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/4760-141-0x00000000007C0000-0x0000000000826000-memory.dmp

          Filesize

          408KB

          Download

        • memory/4760-142-0x0000000006530000-0x00000000065C2000-memory.dmp

          Filesize

          584KB

          Download

        • memory/4760-143-0x00000000066F0000-0x0000000006766000-memory.dmp

          Filesize

          472KB

          Download

        • memory/4760-144-0x00000000067E0000-0x00000000069A2000-memory.dmp

          Filesize

          1.8MB

          Download

        • memory/4760-145-0x00000000069B0000-0x0000000006EDC000-memory.dmp

          Filesize

          5.2MB

          Download

        • memory/4760-146-0x0000000006FF0000-0x000000000700E000-memory.dmp

          Filesize

          120KB

          Download