6f08f046344b217db37a7218d5c7812b74e540633547e242011db005f80a0358 | Triage

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
13/06/2023, 04:37

Sharing

Report Analysis Logs

General

Target

ch.exe
Size

471KB
MD5

56a6a01e2c6776fac5d25a6f36c53e5c
SHA1

0380437cb32a304db5928eb037e95df75db8b5cf
SHA256

6f08f046344b217db37a7218d5c7812b74e540633547e242011db005f80a0358
SHA512

07124101424eb0b724d3b1ef60c5be10a3d196d97b42f9649a3fdb23b1ac598550cdd08dd272599cf93e384ef2a096fc0771c26279517425d609d8495ac696a4
SSDEEP

6144:t3ZL0N39UVFmbCs0KBv9ss9RpFhJIatNFEI1PDpFtO0qJBAOI6Cre9:tlK3yFsrv9sgR/zIyNfltO7JBmU

Score

6^/10

spyware

Malware Config

Signatures

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\ch.exe
"C:\Users\Admin\AppData\Local\Temp\ch.exe"
1⤵
PID:1700

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Binance\app-store.json

Filesize
3KB

MD5
cc08dc55a1c89b2e8dcb9159b412f574

SHA1
e32bc515bf12ede14f63e397b64ff568fcd92bb9

SHA256
5709e9b08fb53ec26a4b24f6cc91f8ea02ef3235fcb6cda3e16a450dae7e895d

SHA512
7ca8bcf1497e5ec0a4b78e4fb17d828828de76b1ac32078cc4404202b9650171d7af782039aeef791ecac6f8074f79c4513f2535713116e9a361677912ba2c96

Download Submit