Analysis
-
max time kernel
123s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
-
submitted
17/08/2023, 11:34
General
-
Target
cb3e8475bddbafadc73788e08105fbca6294b4fcbcdd322797cc93b09d1f5844.exe
-
Size
2.9MB
-
MD5
fb4d1d77d6d03e500e27451cb698c92f
-
SHA1
78eff8afa0aad1f416efef93a2851bceb7907510
-
SHA256
cb3e8475bddbafadc73788e08105fbca6294b4fcbcdd322797cc93b09d1f5844
-
SHA512
944fa4f113b853e7deab1127f1751319378d95648d095f464afabb47d1a5ae039688d8315e11c5a0e7a607f0b774ad0f04df45bdad5fdfb6467d90df7f13bc39
-
SSDEEP
49152:a1wbmI4KwvB48/jPJ3zV2WpzHg24EaATFuJ4PM4TUi:lsxJ2WpzHFE2PHT
Score
7/10
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cb3e8475bddbafadc73788e08105fbca6294b4fcbcdd322797cc93b09d1f5844.exe"C:\Users\Admin\AppData\Local\Temp\cb3e8475bddbafadc73788e08105fbca6294b4fcbcdd322797cc93b09d1f5844.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\cb3e8475bddbafadc73788e08105fbca6294b4fcbcdd322797cc93b09d1f5844.exeC:\Users\Admin\AppData\Local\Temp\cb3e8475bddbafadc73788e08105fbca6294b4fcbcdd322797cc93b09d1f5844.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Chromium\User Data\Crashpad" --annotation=plat=Win64 --annotation=prod=Chromium --annotation=ver=115.0.5790.102 --initial-client-data=0x25c,0x260,0x264,0x238,0x268,0x7ff7fe1d8b20,0x7ff7fe1d8b30,0x7ff7fe1d8b402⤵
-