Analysis
-
max time kernel
87s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
11-04-2023 17:25
Static task
static1
Behavioral task
behavioral1
Sample
tmpF82D.tmp.exe
Resource
win7-20230220-en
windows7-x64
3 signatures
150 seconds
General
-
Target
tmpF82D.tmp.exe
-
Size
37KB
-
MD5
4f0402bf30445ece92c85cd3ee8240ac
-
SHA1
26d327332540b1bbe091db0f7e2345a1295ae271
-
SHA256
94f79307cf406166058b66af4ef21d3eb58051b1d1dd0ec793e5406fc59fb7e8
-
SHA512
a43cee4c53bc87d1507455b00350b5fcf0ccf64bf0a615b1215e163cd0899eace9906f80d61583ef65fa38669bbf93f5af71948080abe8047cab5950d5914396
-
SSDEEP
768:qz5oDHOiKsJOqee51+SJ5K1BbDUZLxilVHSc0m/pWtHWpHWXBZlLBB1DezPmE/nz:qz5ziKsJOqeov4bDQOxQbeRz
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 4 ip-api.com -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
tmpF82D.tmp.exedescription pid Process Token: SeDebugPrivilege 1516 tmpF82D.tmp.exe