Analysis
-
max time kernel
122s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20230712-en -
resource tags
arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system -
submitted
16-08-2023 22:32
Behavioral task
behavioral1
Sample
0e17dd9e3ab01a67046c471b357ae4f5.exe
Resource
win7-20230712-en
4 signatures
150 seconds
General
-
Target
0e17dd9e3ab01a67046c471b357ae4f5.exe
-
Size
88KB
-
MD5
0e17dd9e3ab01a67046c471b357ae4f5
-
SHA1
23b4e39ad9804705e1773499ed87081ad3d58097
-
SHA256
60f0c2daba44c1f09f9677a15ba4031f2853e1d3a3b608721d25c261a2341472
-
SHA512
a0b4da1aa7cadf2198dff22e6d1591fc8768237d9133299a9146a1431a9d4169829c698dca362f928f23d983217e652c801f4041a0cd1e21da5ca5738263164a
-
SSDEEP
1536:m2X+ju5qTBZnMU0DqLdt4n7yR1wrhSEgrOCENJkzZDNQt:3MvQqZt4eOCENCDNQt
Malware Config
Signatures
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of AdjustPrivilegeToken 40 IoCs
Processes:
0e17dd9e3ab01a67046c471b357ae4f5.exedescription pid process Token: SeImpersonatePrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeTcbPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeChangeNotifyPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeCreateTokenPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeBackupPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeRestorePrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeIncreaseQuotaPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeAssignPrimaryTokenPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeImpersonatePrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeTcbPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeChangeNotifyPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeCreateTokenPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeBackupPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeRestorePrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeIncreaseQuotaPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeAssignPrimaryTokenPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeImpersonatePrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeTcbPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeChangeNotifyPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeCreateTokenPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeBackupPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeRestorePrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeIncreaseQuotaPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeAssignPrimaryTokenPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeImpersonatePrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeTcbPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeChangeNotifyPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeCreateTokenPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeBackupPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeRestorePrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeIncreaseQuotaPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeAssignPrimaryTokenPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeImpersonatePrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeTcbPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeChangeNotifyPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeCreateTokenPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeBackupPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeRestorePrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeIncreaseQuotaPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe Token: SeAssignPrimaryTokenPrivilege 2080 0e17dd9e3ab01a67046c471b357ae4f5.exe