Extracted

• • Target

    94df97f56ad0b323684f14b54ab8858af8e9c0a442ce31e07c342fbbb41de5ccexe_JC.exe

  • Size

    1.6MB

  • MD5

    fb7883d3fd9347debf98122442c2a33e

  • SHA1

    0a93dc2350161bd426113e957dc9eba053c6424f

  • SHA256

    94df97f56ad0b323684f14b54ab8858af8e9c0a442ce31e07c342fbbb41de5cc

  • SHA512

    63cefbd9b684bb422da6938a4e50cf009e129bf899f9dd4b76b74c6527c8f828657f3ea9652b9ddaf650966c3ea75a7bfb4ea25c60e617a054d3bdc826e9762f

  • SSDEEP

    49152:BmkHeF294othJ2b00w8x3r1r3EVyfyDyTVUgs1zCZSxNN:Bmk+F294oJsdLEYXTVBIzCZSxNN

  Score

  10^/10

  discoveryexploitpersistencespywarestealer

  • Downloads MZ/PE file

  • Modifies Installed Components in the registry

    persistence

  • Possible privilege escalation attempt

    exploit

  • Sets file execution options in registry

    persistence

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies file permissions

    discovery

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Registers COM server for autorun

    persistence
  behavioral1behavioral2