5becf7e0899e0cc81e41d67d5b52e707dda03d155330605498b1b770a5200508 | Triage

Analysis

max time kernel
28s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
06/05/2023, 02:14

Sharing

Report Analysis Logs

General

Target

67eaee66522dc72cb0e8d9722f0fe531fa9ed1634cf26cf2467519fc4b6defc0.exe
Size

256KB
MD5

686de24acfa700d4cde2ad67896c2c4c
SHA1

040c7e6e8fb0027e176726b430617dd0a7986619
SHA256

67eaee66522dc72cb0e8d9722f0fe531fa9ed1634cf26cf2467519fc4b6defc0
SHA512

850da53957cc9936940bc9463975fad6314f27a4d5c3aa5ab87da0185dc2c494d379644b68f75e62bde62e2b347c21b974412fe0476e72538e03834ffc2758dd
SSDEEP

3072:A2K5l9oT7tDdoMVyz7/3qTCPVLoKyzKJ68jtpiZByNJQDT48qhzgpWjd8mnxYY6K:2sDdh7TqLtBRpiLyXsz8pu16I2twK9

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\67eaee66522dc72cb0e8d9722f0fe531fa9ed1634cf26cf2467519fc4b6defc0.exe
"C:\Users\Admin\AppData\Local\Temp\67eaee66522dc72cb0e8d9722f0fe531fa9ed1634cf26cf2467519fc4b6defc0.exe"
1⤵
PID:1948

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1948-54-0x0000000000460000-0x0000000000481000-memory.dmp

Filesize
132KB

Download
memory/1948-55-0x0000000000400000-0x0000000000446000-memory.dmp

Filesize
280KB

Download
memory/1948-56-0x0000000000460000-0x0000000000481000-memory.dmp

Filesize
132KB

Download