3eff2e1ab5632f6a2b0ca5c0b007c9f1b2bb2fbbe1517c4ba0695802116da001

Analysis

max time kernel
31s
max time network
95s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
03-07-2023 16:07

Target

4a2f1b219e41a49cca2f934b06adff82a4d2c639d1c620d14952f5763801449b.exe
Size

93KB
MD5

91ff158a97a75d49914efb44b11ab82a
SHA1

1e5b91b3a69eeb4d7c9286654bcaa36def7bb9df
SHA256

4a2f1b219e41a49cca2f934b06adff82a4d2c639d1c620d14952f5763801449b
SHA512

a3a9c811685ddf6125517a588197d4496d007cd89b5d34de3ee01694d052d8537d0d014f45ee75a8d97db0890bad6ffa34f88b682ae9e2ef9ea6c2eff0fa50a7
SSDEEP

1536:gWTHVn5wa8TXvqHp6kzWgDaO3C54Gf3lagvHkMTafiyVDr1lVUl3jy0:gWTHVn8TXvc4O3CFvlaSED1Pgj/

Score

7^/10

spyware stealer

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Program crash 1 IoCs

pid	pid_target	Process	procid_target
268	1040	WerFault.exe	26

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1040 wrote to memory of 268	1040	4a2f1b219e41a49cca2f934b06adff82a4d2c639d1c620d14952f5763801449b.exe	28
PID 1040 wrote to memory of 268	1040	4a2f1b219e41a49cca2f934b06adff82a4d2c639d1c620d14952f5763801449b.exe	28
PID 1040 wrote to memory of 268	1040	4a2f1b219e41a49cca2f934b06adff82a4d2c639d1c620d14952f5763801449b.exe	28
PID 1040 wrote to memory of 268	1040	4a2f1b219e41a49cca2f934b06adff82a4d2c639d1c620d14952f5763801449b.exe	28

C:\Users\Admin\AppData\Local\Temp\4a2f1b219e41a49cca2f934b06adff82a4d2c639d1c620d14952f5763801449b.exe
"C:\Users\Admin\AppData\Local\Temp\4a2f1b219e41a49cca2f934b06adff82a4d2c639d1c620d14952f5763801449b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1040
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 940
  2⤵
  - Program crash
  PID:268

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact