Analysis
- max time kernel: 119s
- max time network: 134s
- platform: windows7_x64
- resource: win7-20231023-en
- resource tags: arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
- submitted: 04/11/2023, 13:36

Static task: static1
Behavioral task: behavioral1
Sample: 4A052958458D13F795B5FCDF1794DDCC.exe
Resource: win7-20231023-en

General
- Target: 4A052958458D13F795B5FCDF1794DDCC.exe
- Size: 66.2MB
- MD5: 4a052958458d13f795b5fcdf1794ddcc
- SHA1: 7383ed00d42b2b33482ad99411ab7662968efe35
- SHA256: 378ddb826b406a8bdcd2358760d93822f83250ed8709ab33aa951042c85c9882
- SHA512: 3747447e67eeb5cb3eb770b0f89468f3a2a6e3da94ecd0a216a1032289db96a4b69de8e366f0e9e5b45ad14875fa00412f982a4289541ea96cd1037b6996be99
- SSDEEP: 196608:3IdPYjVWh1QyL2Y7RszuHveQr/4bzGyZw4JMGV7E:3I5YjVUiyLJguPj/4p3
Malware Config
(none extracted)

Signatures
- Reads user/profile data of local email clients (2 TTPs)
  Email clients store some user data on disk where infostealers will often target it.
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
- Checks installed software on the system (1 TTPs)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious behavior: EnumeratesProcesses (56 IoCs)
  pid   Process
  2412  4A052958458D13F795B5FCDF1794DDCC.exe
  (the same pid/process pair is recorded for all 56 IoCs)