Analysis
- max time kernel: 31s
- max time network: 33s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 28-03-2023 07:08
Behavioral task
- behavioral1
- Sample: c3d8ee8d15499dcb98d390faa1db03e0.exe
- Resource: win7-20230220-en
- windows7-x64
- 3 signatures
- 150 seconds
General
- Target: c3d8ee8d15499dcb98d390faa1db03e0.exe
- Size: 4.3MB
- MD5: c3d8ee8d15499dcb98d390faa1db03e0
- SHA1: f95a309ec2b8d114518fffc4722898e1e3229da4
- SHA256: ab271dbdb2fe1167e203eb5693a107b5f75a4abc427990f1610c6f36798e0575
- SHA512: 56b166f46acec2b83726ed03ba0a6ab959b79aa502ee37959601b14387a60f88459bb35ecb8e5b34f7f4649e8c89640c102877ef3ca3e8db145793de6cb79828
- SSDEEP: 98304:6ap4irM3hZlWJG58Cch6a+UWiOoZVQWKVxBmddK8V+i4A:miriPl35fPUWXunKsdd1+g
Malware Config
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
  Processes:
  resource | yara_rule
  behavioral1/memory/936-54-0x0000000000890000-0x00000000016F1000-memory.dmp | upx
- Suspicious use of WriteProcessMemory (6 IoCs)
  Processes:
  description | pid | process | target process
  PID 936 wrote to memory of 544 | 936 | c3d8ee8d15499dcb98d390faa1db03e0.exe | cmd.exe
  PID 936 wrote to memory of 544 | 936 | c3d8ee8d15499dcb98d390faa1db03e0.exe | cmd.exe
  PID 936 wrote to memory of 544 | 936 | c3d8ee8d15499dcb98d390faa1db03e0.exe | cmd.exe
  PID 544 wrote to memory of 332 | 544 | cmd.exe | choice.exe
  PID 544 wrote to memory of 332 | 544 | cmd.exe | choice.exe
  PID 544 wrote to memory of 332 | 544 | cmd.exe | choice.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\c3d8ee8d15499dcb98d390faa1db03e0.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\c3d8ee8d15499dcb98d390faa1db03e0.exe"
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /C choice /C Y /N /D Y /T 0 &Del C:\Users\Admin\AppData\Local\Temp\c3d8ee8d15499dcb98d390faa1db03e0.exe
      - Suspicious use of WriteProcessMemory
      3. C:\Windows\system32\choice.exe
         Command line: choice /C Y /N /D Y /T 0
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/936-54-0x0000000000890000-0x00000000016F1000-memory.dmp
  Filesize: 14.4MB