350edaca28b1572c31165431bafc7d1e0552c45f3186ffa039de33a58e55144e | Triage

Submit
Reports

Overview

overview

Static

static

817ee46423...a1.exe

windows7-x64

7

817ee46423...a1.exe

windows10-2004-x64

7

Analysis

max time kernel
53s
max time network
74s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
21-02-2023 19:42

Sharing

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

817ee46423164cf2502ae2accffecaa1.exe

Resource

win7-20230220-en

discovery spyware stealer

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

817ee46423164cf2502ae2accffecaa1.exe

Resource

win10v2004-20230220-en

discovery spyware stealer

windows10-2004-x64

3 signatures

150 seconds

Report Analysis Logs

General

Target

817ee46423164cf2502ae2accffecaa1.exe
Size

174KB
MD5

817ee46423164cf2502ae2accffecaa1
SHA1

565cf5d2a163b63cf77e15e9e0800f760e7af92a
SHA256

350edaca28b1572c31165431bafc7d1e0552c45f3186ffa039de33a58e55144e
SHA512

5fa849b19455fdb0f6b20cd393f6cdea5b23d79ba0263533d3dfdad8b0ef517c3729201b67e06b4c56bb71db1b956eba888b28ae6ac8b2d9415ae99fe7c07b46
SSDEEP

3072:zVIfP18LszB9a93iz5AOmbKtpJCjutK6n58+ZMCTXlmIghEHCL9OqiWLBWQAAf:zo18eY3sSOGc5HMel+hEHEqw

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Processes

C:\Users\Admin\AppData\Local\Temp\817ee46423164cf2502ae2accffecaa1.exe
"C:\Users\Admin\AppData\Local\Temp\817ee46423164cf2502ae2accffecaa1.exe"
1⤵
PID:4560

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

© 2018-2024

Terms | Privacy