d0fe935bc726e951311771cd3611c5536feae7a1315e3583551505b1c9a366f9 | Triage

Analysis

max time kernel
31s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
04/05/2023, 13:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d0fe935bc726e951311771cd3611c5536feae7a1315e3583551505b1c9a366f9.exe
Size

252KB
MD5

25b1e06bc7fd0341a7826a1fa68af5ad
SHA1

2e2b1ee46f607674dcc1089310197b9d94e57cf8
SHA256

d0fe935bc726e951311771cd3611c5536feae7a1315e3583551505b1c9a366f9
SHA512

c120af45e3d066348efb50f6c751e22ab73b39a7a5369c14f9335c1247dca02d7965317570b3a4402f3752149a5c91383689ae9d57f9fbd7d9c60a8b0103fa55
SSDEEP

3072:zwE3Fjfh1JervmVCyD3lZ6KmTmaNQYJ5MeIfO4aOpzyGC25pPUIAjchtz+EbgKn:vCyjl/UqFpSch9Rn

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\d0fe935bc726e951311771cd3611c5536feae7a1315e3583551505b1c9a366f9.exe
"C:\Users\Admin\AppData\Local\Temp\d0fe935bc726e951311771cd3611c5536feae7a1315e3583551505b1c9a366f9.exe"
1⤵
PID:2004

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2004-54-0x00000000003B0000-0x00000000003D1000-memory.dmp

Filesize
132KB

Download
memory/2004-55-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/2004-56-0x00000000003B0000-0x00000000003D1000-memory.dmp

Filesize
132KB

Download