Analysis
- max time kernel: 30s
- max time network: 33s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 14-02-2023 18:29
Static task: static1
Behavioral task: behavioral1
- Sample: 2e4931b68f2ba37d93dd6cd9dc2a45eb.exe
- Resource: win7-20221111-en
General
- Target: 2e4931b68f2ba37d93dd6cd9dc2a45eb.exe
- Size: 6.3MB
- MD5: 2e4931b68f2ba37d93dd6cd9dc2a45eb
- SHA1: 262a0998fb05dda5b543745038a42c3d87c36b84
- SHA256: 42944063ef13019577bc5dc43df4ee39581a1ce2de95703fcacd84c5549a9b7e
- SHA512: d19c7bb99d2f50796f79c04216017efbecccc44630351ed0e04ef1df93f6c48a092b111bbac64e84aac7ca3ed3751729329e6e5d2d4fd4f8cf77d5ae3cdb643b
- SSDEEP: 98304:xFuRNCvw5gV1QyD202iRzqKsTAH+AGhdnCzBP57cTRqp89cSsx9cC27fZXaHWRdG:34gl72S+KTaGBOcpK8otX+WRd
Malware Config
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
- Checks installed software on the system (1 TTPs)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious behavior: EnumeratesProcesses (1 IoCs)
  Processes:
  pid 1780: 2e4931b68f2ba37d93dd6cd9dc2a45eb.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/1780-54-0x0000000000B70000-0x0000000001560000-memory.dmp (Filesize: 9.9MB)
- memory/1780-57-0x0000000000B70000-0x0000000001560000-memory.dmp (Filesize: 9.9MB)
- memory/1780-59-0x0000000000B70000-0x0000000001560000-memory.dmp (Filesize: 9.9MB)
- memory/1780-58-0x0000000000B70000-0x0000000001560000-memory.dmp (Filesize: 9.9MB)