Analysis
-
max time kernel
117s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
-
submitted
11-10-2023 19:20
General
-
Target
odeme.exe
-
Size
315KB
-
MD5
5f7cb94f4ab08ee714d801d8cdb10342
-
SHA1
1eee64e698b780a13ab21d1dfb31a4dbeb43901b
-
SHA256
25a1ed4595e074cf8f898b5a0e505809372991f805aec43f205c254e8d1ec91d
-
SHA512
9346aa9910d012d926a2c6e7622797e3e4e2c7479514c64db037a4aea777bfcdede3875be3b4024366e96f6f86140c6b5c29209d623ad1b3b93a2a221960eb55
-
SSDEEP
6144:rbJyFMhIorW0wFndl3Swqk6/d1FPCiDPXcEfiu+kPHZnT:rUF4I0w4wqk6/d1FPVP/6TkPZn
Score
7/10
Malware Config
Signatures
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\odeme.exe"C:\Users\Admin\AppData\Local\Temp\odeme.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\odeme.exeC:\Users\Admin\AppData\Local\Temp\odeme.exe2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
256KB
-
Filesize
6.9MB
-
Filesize
256KB
-
Filesize
6.9MB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
4KB
-
Filesize
256KB
-
Filesize
256KB
-
Filesize
6.9MB
-
Filesize
304KB
-
Filesize
344KB
-
Filesize
256KB
-
Filesize
328KB
-
Filesize
6.9MB