Analysis
-
max time kernel
48s -
max time network
57s -
platform
windows10-1703_x64 -
resource
win10-20230220-en -
resource tags
-
submitted
10-04-2023 14:58
General
-
Target
94f79307cf406166058b66af4ef21d3eb58051b1d1dd0ec793e5406fc59fb7e8.exe
-
Size
37KB
-
MD5
4f0402bf30445ece92c85cd3ee8240ac
-
SHA1
26d327332540b1bbe091db0f7e2345a1295ae271
-
SHA256
94f79307cf406166058b66af4ef21d3eb58051b1d1dd0ec793e5406fc59fb7e8
-
SHA512
a43cee4c53bc87d1507455b00350b5fcf0ccf64bf0a615b1215e163cd0899eace9906f80d61583ef65fa38669bbf93f5af71948080abe8047cab5950d5914396
-
SSDEEP
768:qz5oDHOiKsJOqee51+SJ5K1BbDUZLxilVHSc0m/pWtHWpHWXBZlLBB1DezPmE/nz:qz5ziKsJOqeov4bDQOxQbeRz
Score
7/10
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\94f79307cf406166058b66af4ef21d3eb58051b1d1dd0ec793e5406fc59fb7e8.exe"C:\Users\Admin\AppData\Local\Temp\94f79307cf406166058b66af4ef21d3eb58051b1d1dd0ec793e5406fc59fb7e8.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && DEL /F /S /Q /A "C:\Users\Admin\AppData\Local\Temp\94f79307cf406166058b66af4ef21d3eb58051b1d1dd0ec793e5406fc59fb7e8.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\chcp.comchcp 650013⤵
-
-
C:\Windows\system32\PING.EXEping 127.0.0.13⤵
- Runs ping.exe
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
320KB