Overview

overview

7

Static

static

3

59f2ed1246...45.exe

windows7-x64

7

59f2ed1246...45.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/10/2023, 14:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    59f2ed124653cc62fe192503b61c0e45.exe

  • Size

    1.4MB

  • MD5

    59f2ed124653cc62fe192503b61c0e45

  • SHA1

    939fc5f7a7550afba879ab89cd2e90461a00be79

  • SHA256

    5f18dec13e0158ced752a64a756248acef0524202a89fc94c97c923ab77039dd

  • SHA512

    f1ca9752eed5b0b548635b4a9d9c1fe4f462f05b1cc4a76eec3227468c5d99c5ec6db005f026f285bae0150dd3f50634cc1f3fcc87ca5c611660dc69556907f8

  • SSDEEP

    24576:BM1yW9gSEng8EOA2/cNSPPuOC73JXIB4EWV:iEng8EOcIPu37GB2

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of local email clients 2 TTPs

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious behavior: EnumeratesProcesses 40 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\59f2ed124653cc62fe192503b61c0e45.exe
    "C:\Users\Admin\AppData\Local\Temp\59f2ed124653cc62fe192503b61c0e45.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:376

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/376-0-0x0000000000D10000-0x0000000000D8F000-memory.dmp

    Filesize

    508KB

    Download

  • memory/376-6-0x0000000000D10000-0x0000000000D8F000-memory.dmp

    Filesize

    508KB

    Download