ae444c496eeff949194f6c6610fb8440aba8c2ec02409b38cfda986ed3ecbbd4

Analysis

max time kernel
25s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
05-05-2023 18:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae444c496eeff949194f6c6610fb8440aba8c2ec02409b38cfda986ed3ecbbd4.exe
Size

478KB
MD5

edca6b72afb530c08341cd47445646d9
SHA1

5909cb5df7306fed012892f569fd532e309ff771
SHA256

ae444c496eeff949194f6c6610fb8440aba8c2ec02409b38cfda986ed3ecbbd4
SHA512

7e1c69c8332fa8043d291be71a8fa826f384839cf26ed0f01c5afd71a4d4798f7d23fd2d9a4f6a80389a4e1ce647ea055d465cd3b96ed84a107cde96e132ccd4
SSDEEP

12288:CHRHC9B1JKQ+fkplRNDn0sQVJS9GbbYLAWsnGl:Cxi9B16fkxB0P2krGl

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1744	ae444c496eeff949194f6c6610fb8440aba8c2ec02409b38cfda986ed3ecbbd4.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1744	ae444c496eeff949194f6c6610fb8440aba8c2ec02409b38cfda986ed3ecbbd4.exe

C:\Users\Admin\AppData\Local\Temp\ae444c496eeff949194f6c6610fb8440aba8c2ec02409b38cfda986ed3ecbbd4.exe
"C:\Users\Admin\AppData\Local\Temp\ae444c496eeff949194f6c6610fb8440aba8c2ec02409b38cfda986ed3ecbbd4.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1744

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1744-55-0x0000000002270000-0x00000000022AC000-memory.dmp

Filesize
240KB

Download
memory/1744-56-0x00000000022B0000-0x00000000022EA000-memory.dmp

Filesize
232KB

Download
memory/1744-72-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-80-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-92-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-100-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-106-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-116-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-120-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-118-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-114-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-112-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-110-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-108-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-104-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-221-0x0000000004D50000-0x0000000004D90000-memory.dmp

Filesize
256KB

Download
memory/1744-219-0x0000000004D50000-0x0000000004D90000-memory.dmp

Filesize
256KB

Download
memory/1744-217-0x0000000000220000-0x0000000000266000-memory.dmp

Filesize
280KB

Download
memory/1744-102-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-98-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-96-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-94-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-90-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-88-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-86-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-84-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-82-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-78-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-76-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-74-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-70-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-68-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-66-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-64-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-62-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-60-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-58-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-57-0x00000000022B0000-0x00000000022E5000-memory.dmp

Filesize
212KB

Download
memory/1744-852-0x0000000004D50000-0x0000000004D90000-memory.dmp

Filesize
256KB

Download
memory/1744-854-0x0000000004D50000-0x0000000004D90000-memory.dmp

Filesize
256KB

Download
memory/1744-855-0x0000000004D50000-0x0000000004D90000-memory.dmp

Filesize
256KB

Download
memory/1744-856-0x0000000004D50000-0x0000000004D90000-memory.dmp

Filesize
256KB

Download
memory/1744-857-0x0000000004D50000-0x0000000004D90000-memory.dmp

Filesize
256KB

Download