Analysis

- max time kernel: 117s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20230831-en
- resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
- submitted: 13/10/2023, 14:39

Static task: static1 (1 signature)

Behavioral task: behavioral1
- Sample: 2d93ffc4f232bcc5f7c2a19d8fcbaa50884e60a027804fcecc3c40d120eedc8c.dll
- Resource: win7-20230831-en
- 2 signatures
- 150 seconds
General

- Target: 2d93ffc4f232bcc5f7c2a19d8fcbaa50884e60a027804fcecc3c40d120eedc8c.dll
- Size: 1.1MB
- MD5: 7d6c819c7accbd9abe8f6c4eb087eea2
- SHA1: 6b6b4bc3c0bc152cbea590c83dd55b2101abb130
- SHA256: 2d93ffc4f232bcc5f7c2a19d8fcbaa50884e60a027804fcecc3c40d120eedc8c
- SHA512: cfbc2bf4d5417d066ba8c845c8117306650347648c13fac51d65f6610493b81af8317051268c8152b2c6011cf4baeffcd2bc928c5334842b6147d70173ac8e8a
- SSDEEP: 24576:Qc6T3/YiaASvUn+J35XBMZZ9+xyc30w/tDMJIy:1iaASvUnI5XAZ9iyET
Malware Config
Signatures

- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of WriteProcessMemory (3 IoCs)

  description                      | pid  | Process      | procid_target
  PID 2228 wrote to memory of 2808 | 2228 | rundll32.exe | 28
  PID 2228 wrote to memory of 2808 | 2228 | rundll32.exe | 28
  PID 2228 wrote to memory of 2808 | 2228 | rundll32.exe | 28
Processes

- C:\Windows\system32\rundll32.exe (PID 2228)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d93ffc4f232bcc5f7c2a19d8fcbaa50884e60a027804fcecc3c40d120eedc8c.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\system32\WerFault.exe (PID 2808)
    Command line: C:\Windows\system32\WerFault.exe -u -p 2228 -s 312

Note on the process tree: the only child of the rundll32.exe host is WerFault.exe, started with -p 2228, i.e. the Windows Error Reporting handler launched for a fault in PID 2228 itself. That is also what the three WriteProcessMemory IoCs record: their target, PID 2808, is this WerFault.exe instance, and a parent writing into a child it has just created is ordinary process start-up, not evidence of code injection. The practical reading is that the sample faulted when loaded through rundll32.exe with export ordinal #1, so this run may not have exercised the DLL's intended entry point; confirming the browser-data behaviour dynamically would need a re-run with the correct export name or a proper host process.
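The correlation described above can be automated when triaging many reports. The following is an added example, not part of the sandbox report or of any sandbox's own tooling: it embeds the three IoC rows and the two processes exactly as this page lists them (the parent of PID 2228 is not shown on the page and is recorded as unknown), then classifies each cross-process write. The rule that a write into a WerFault.exe child whose "-p" argument names the writing process is crash handling rather than injection is this example's own heuristic; the "explorer.exe" process used in the self-test at the bottom is constructed and does not appear in the report.

```python
"""Classify WriteProcessMemory IoCs by correlating them with the process tree."""
import re

# Process list as shown in the report (pid -> parent pid, image, command line).
# The parent of 2228 is not on the page, so it is marked unknown (None).
PROCESSES = {
    2228: {
        "ppid": None,
        "image": "rundll32.exe",
        "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp"
                   r"\2d93ffc4f232bcc5f7c2a19d8fcbaa50884e60a027804fcecc3c40d120eedc8c.dll,#1",
    },
    2808: {
        "ppid": 2228,
        "image": "WerFault.exe",
        "cmdline": r"C:\Windows\system32\WerFault.exe -u -p 2228 -s 312",
    },
}

# The three IoC rows from the "Suspicious use of WriteProcessMemory" signature.
IOCS = [
    "PID 2228 wrote to memory of 2808",
    "PID 2228 wrote to memory of 2808",
    "PID 2228 wrote to memory of 2808",
]

WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
WER_PID_RE = re.compile(r"\s-p\s+(\d+)")


def classify_write(src, dst, processes):
    """Return a verdict for one write from PID src into PID dst."""
    target = processes.get(dst)
    if target is None:
        return "unknown_target"          # target not in the process list
    if target["ppid"] == src:
        if target["image"].lower() == "werfault.exe":
            m = WER_PID_RE.search(target["cmdline"])
            if m and int(m.group(1)) == src:
                # WerFault.exe -u -p <pid> -s <event> is started by the faulting
                # process itself; the parent writes into the child at start-up.
                # Heuristic assumption of this example, not a sandbox rule.
                return "wer_crash_handler"
        return "parent_to_child"         # writes into own child: look for hollowing
    return "cross_process"               # write into an unrelated process: injection candidate


def classify_all(ioc_lines, processes):
    """Parse every IoC line and return (src, dst, verdict) tuples."""
    results = []
    for line in ioc_lines:
        m = WRITE_RE.search(line)
        if not m:
            continue
        src, dst = int(m.group(1)), int(m.group(2))
        results.append((src, dst, classify_write(src, dst, processes)))
    return results


def summarize(results):
    """Count verdicts so duplicate rows (same src/dst) are visible at a glance."""
    counts = {}
    for _, _, verdict in results:
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


if __name__ == "__main__":
    report = classify_all(IOCS, PROCESSES)
    for src, dst, verdict in report:
        print(f"{src} -> {dst}: {verdict}")
    print(summarize(report))

    # Constructed contrast case (not from the report): a write into a process
    # that the writer did not create would be flagged as an injection candidate.
    procs = dict(PROCESSES)
    procs[1234] = {"ppid": 500, "image": "explorer.exe", "cmdline": "explorer.exe"}
    print(classify_write(2228, 1234, procs))
```

For this page's data every row resolves to wer_crash_handler, which is the reason the signature should not be read as injection here; the same script run over a report where the target is an unrelated process returns cross_process and deserves a closer look at the subsequent thread-creation or context-setting calls.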