bfd6cef76bf7b12333f57132af473b33a6b3b20ea659cfbd9c02c63bc1819c23

Analysis

max time kernel
120s
max time network
130s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
07/08/2023, 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

just_build.exe/deadeye2.exe
Size

24KB
MD5

653606a228c5f9c62cf27910c07463c3
SHA1

ccfa701a838dfb717614770e0faccfc6743d7505
SHA256

e55afafe35dbf042a2e0253a2dc1262e6782431c320e69a10f72c145e933326c
SHA512

e903be30363c4d13a87a71613798b91ffe91c094feda781a8de0b3983d87c6655b5245b8572abfb7e28eef877f62e474cc23f103c832ab91e74f10e116988a8d
SSDEEP

768:J265HvVtHnbFFloEnnsCl0C0lNrHmDfTrE2UkAWuDKgm:X5HHHnbFFlLnnsClSlNrHmbTrMkAj+P

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3044	292	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	292	deadeye2.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 292 wrote to memory of 2824	292	deadeye2.exe	28
PID 292 wrote to memory of 2824	292	deadeye2.exe	28
PID 292 wrote to memory of 2824	292	deadeye2.exe	28
PID 292 wrote to memory of 2556	292	deadeye2.exe	30
PID 292 wrote to memory of 2556	292	deadeye2.exe	30
PID 292 wrote to memory of 2556	292	deadeye2.exe	30
PID 292 wrote to memory of 3044	292	deadeye2.exe	38
PID 292 wrote to memory of 3044	292	deadeye2.exe	38
PID 292 wrote to memory of 3044	292	deadeye2.exe	38

C:\Users\Admin\AppData\Local\Temp\just_build.exe\deadeye2.exe
"C:\Users\Admin\AppData\Local\Temp\just_build.exe\deadeye2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:292
- C:\Windows\system32\xcopy.exe
  "C:\Windows\system32\xcopy.exe" "C:\Users\Admin\AppData\Local\Google\Chrome\User Data" "C:\Users\Admin\AppData\Local\Google\Chrome\User Data_A2" /E /I
  2⤵
  PID:2824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --allow-pre-commit-input --disable-background-networking --disable-background-timer-throttling --disable-backgrounding-occluded-windows --disable-breakpad --disable-client-side-phishing-detection --disable-component-extensions-with-background-pages --disable-component-update --disable-default-apps --disable-dev-shm-usage --disable-extensions --disable-features=Translate,BackForwardCache,AcceptCHFrame,MediaRouter,OptimizationHints --disable-hang-monitor --disable-ipc-flooding-protection --disable-popup-blocking --disable-prompt-on-repost --disable-renderer-backgrounding --disable-sync --enable-automation --enable-blink-features=IdleDetection --enable-features=NetworkServiceInProcess2 --export-tagged-pdf --force-color-profile=srgb --metrics-recording-only --no-first-run --password-store=basic --use-mock-keychain about:blank --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data_A2" --mute-audio --window-position=7783,64871 --window-size=1920,1080 --hide-crash-restore-bubble --disable-features=EnhancedAdBlocking --remote-debugging-port=0
  2⤵
  PID:2556
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data_A2" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data_A2\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data_A2" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa0,0xd8,0x7fef2249758,0x7fef2249768,0x7fef2249778
    3⤵
    PID:1604
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-breakpad --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data_A2" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1300,i,4959501690631977304,16779551387530040014,131072 --enable-features=NetworkServiceInProcess2 --disable-features=EnhancedAdBlocking /prefetch:2
    3⤵
    PID:2604
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mute-audio --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data_A2" --mojo-platform-channel-handle=1612 --field-trial-handle=1300,i,4959501690631977304,16779551387530040014,131072 --enable-features=NetworkServiceInProcess2 --disable-features=EnhancedAdBlocking /prefetch:8
    3⤵
    PID:2720
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data_A2" --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --enable-blink-features=IdleDetection --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2284 --field-trial-handle=1300,i,4959501690631977304,16779551387530040014,131072 --enable-features=NetworkServiceInProcess2 --disable-features=EnhancedAdBlocking /prefetch:1
    3⤵
    PID:2576
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\User Data_A2" --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-background-timer-throttling --disable-breakpad --enable-automation --force-color-profile=srgb --remote-debugging-port=0 --allow-pre-commit-input --enable-blink-features=IdleDetection --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=2292 --field-trial-handle=1300,i,4959501690631977304,16779551387530040014,131072 --enable-features=NetworkServiceInProcess2 --disable-features=EnhancedAdBlocking /prefetch:1
    3⤵
    PID:2716
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 292 -s 1388
  2⤵
  - Program crash
  PID:3044

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data_A2\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
03c4f648043a88675a920425d824e1b3

SHA1
b98ce64ab5f7a187d19deb8f24ca4ab5d9720a6d

SHA256
f91dbb7c64b4582f529c968c480d2dce1c8727390482f31e4355a27bb3d9b450

SHA512
2473f21cf8747ec981db18fb42726c767bbcca8dd89fd05ffd2d844206a6e86da672967462ac714e6fb43cc84ac35fffcec7ddc43a9357c1f8ed9d14105e9192

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data_A2\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data_A2\Default\GCM Store\Encryption\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data_A2\Default\GCM Store\Encryption\MANIFEST-000002

Filesize
50B

MD5
22bf0e81636b1b45051b138f48b3d148

SHA1
56755d203579ab356e5620ce7e85519ad69d614a

SHA256
e292f241daafc3df90f3e2d339c61c6e2787a0d0739aac764e1ea9bb8544ee97

SHA512
a4cf1f5c74e0df85dda8750be9070e24e19b8be15c6f22f0c234ef8423ef9ca3db22ba9ef777d64c33e8fd49fada6fcca26c1a14ba18e8472370533a1c65d8d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data_A2\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data_A2\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data_A2\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data_A2\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data_A2\Default\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data_A2\Default\Login Data For Account

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data_A2\Default\Preferences

Filesize
4KB

MD5
77147f99207a1ec06290a2926d0de2c4

SHA1
937c6558e3b39dfbbff06bf3de07d9e3b59a0409

SHA256
e99fb76005545aac43a70dd6ae3bf907c10ceb6e214d20f89469f42de038f07d

SHA512
bc2707349ff2afa0bf6681a4949a61de1cdec11d9ef1862fb8c50709066899e60c46bbb88b8ee674b3793a867e057c0210974f22a71821dbbf0c199740276440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data_A2\Default\Safe Browsing Network\Safe Browsing Cookies

Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data_A2\Default\shared_proto_db\MANIFEST-000004

Filesize
50B

MD5
494e626a5079642efed0f0c7f38bd4ef

SHA1
0cbead74a33ad551eae3b25c213d3b080535589b

SHA256
9ce8bd68fe0b86c0bf2067d549e7b93bc1c24f12bdfd227aba521e9d7e704436

SHA512
659bc9699799757dec5b257d78949d378caf03001890f7ae24d28055cff7175d85f8ea14393048aab1c0ba460082f568e5f4bfacdb8921f006f98989293fe78d

Download Submit
memory/292-60-0x0000000000440000-0x0000000000450000-memory.dmp

Filesize
64KB

Download
memory/292-61-0x00000000004C0000-0x0000000000570000-memory.dmp

Filesize
704KB

Download
memory/292-58-0x0000000000410000-0x000000000041A000-memory.dmp

Filesize
40KB

Download
memory/292-57-0x00000000002C0000-0x00000000002CA000-memory.dmp

Filesize
40KB

Download
memory/292-56-0x00000000003E0000-0x00000000003FA000-memory.dmp

Filesize
104KB

Download
memory/292-54-0x00000000002D0000-0x00000000002DC000-memory.dmp

Filesize
48KB

Download
memory/292-63-0x000000001B210000-0x000000001B290000-memory.dmp

Filesize
512KB

Download
memory/292-59-0x000007FEF5980000-0x000007FEF636C000-memory.dmp

Filesize
9.9MB

Download
memory/292-62-0x0000000000480000-0x000000000048C000-memory.dmp

Filesize
48KB

Download
memory/292-419-0x000000001A7F0000-0x000000001A7FA000-memory.dmp

Filesize
40KB

Download
memory/292-420-0x000000001B1E0000-0x000000001B1E8000-memory.dmp

Filesize
32KB

Download
memory/292-55-0x0000000001F10000-0x0000000001FCE000-memory.dmp

Filesize
760KB

Download
memory/292-430-0x000007FEF5980000-0x000007FEF636C000-memory.dmp

Filesize
9.9MB

Download
memory/292-431-0x000000001B210000-0x000000001B290000-memory.dmp

Filesize
512KB

Download