Analysis
-
max time kernel
143s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system -
submitted
10-08-2023 01:16
Static task
static1
Behavioral task
behavioral1
Sample
b5f11e9a19a7972bb65d5c46664a7f7594a946b3bdd9760697fd39f6d607b557.exe
Resource
win7-20230712-en
General
-
Target
b5f11e9a19a7972bb65d5c46664a7f7594a946b3bdd9760697fd39f6d607b557.exe
-
Size
137KB
-
MD5
a2b20120a92c3de445b0b384a494ed39
-
SHA1
f82093aa3c483dca6ace0f5c8dec104800b8d494
-
SHA256
b5f11e9a19a7972bb65d5c46664a7f7594a946b3bdd9760697fd39f6d607b557
-
SHA512
5d6389e60866cef23a8d28e586668c10c20a9009ef7e5310ebdabcead71e9628f01e0b86475664c621a29e1ef9b6f7fa07f7f0f703e425c4a7c9cc7bae2e2a6b
-
SSDEEP
3072:etcVk+DTEMRxbE8Zcs5t3uwcELzfIZmuf2Oh4SrUq8CA:TPDTE053uwcELzfIZmuf2Oh4SrUq
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 10 ip-api.com -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
b5f11e9a19a7972bb65d5c46664a7f7594a946b3bdd9760697fd39f6d607b557.exedescription pid process Token: SeDebugPrivilege 1868 b5f11e9a19a7972bb65d5c46664a7f7594a946b3bdd9760697fd39f6d607b557.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1868-133-0x00000000004F0000-0x0000000000518000-memory.dmpFilesize
160KB
-
memory/1868-134-0x00000000025A0000-0x00000000025BA000-memory.dmpFilesize
104KB
-
memory/1868-135-0x00007FFDA8340000-0x00007FFDA8E01000-memory.dmpFilesize
10.8MB
-
memory/1868-136-0x00000000025D0000-0x00000000025E0000-memory.dmpFilesize
64KB
-
memory/1868-141-0x00007FFDA8340000-0x00007FFDA8E01000-memory.dmpFilesize
10.8MB