0faaf738427579684b995e62f180442d04b8f0eb84286e59b63a8038dd19a562

Analysis

max time kernel
18s
max time network
20s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
15/06/2023, 19:36

Target

Stealer.exe
Size

11KB
MD5

8ad0c6f56907501b51cc529c851f6f1a
SHA1

a4b3687667bfdcf5a8f0465f6960d803977cdd36
SHA256

0faaf738427579684b995e62f180442d04b8f0eb84286e59b63a8038dd19a562
SHA512

e4bb90218db2a104b8c779ef1482410a095eb206f645be552400e4485dcfc005ac0e3d209d3f7d34c903b495afe438698f28536ee5275f4fd6bc74b9b354eccb
SSDEEP

192:eyiCp8iKpBUjn4GqqWJqcgjOm3a3eViZAl9P3Ku7E5pz6KbHWm:etCCZzQn47/JqxjF30kiZAlZ3Ku7UWm

Score

1^/10

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

System Information Discovery

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Stealer.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Stealer.exe

C:\Users\Admin\AppData\Local\Temp\Stealer.exe
"C:\Users\Admin\AppData\Local\Temp\Stealer.exe"
1⤵
- Checks processor information in registry
PID:2080

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact