Analysis
max time kernel: 123s
max time network: 132s
platform: windows10-2004_x64
resource: win10v2004-20231025-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231025-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20-11-2023 11:19
Static task: static1
Behavioral task: behavioral1
Sample: Updatе.exe
Resource: win7-20231023-en
General
Target: Updatе.exe
Size: 699KB
MD5: 3f6d2aa85fcd8e38412f4ab60f8f47f4
SHA1: 7766ac3f9692746896f25ee85eff6b063649dd12
SHA256: 3eb644492c55f3afab73d0b9842a835d67ccf35c46767d45ae7d2e78fc96d7e5
SHA512: b5e9c9f79b55757277a9c1a3559d18a50eddb5a68383e6deea1dc6bc22b6f5259d51d75adcdb961bebc635e79bf50a9d8c8bb97e6283590fc53ea23ec5b69890
SSDEEP: 12288:R1nGfvqfcZCnVsUonX/hNKo1FdsJt2m2Nl1KsHBMIDG4LcykS/xXn8SUtbR+i:RrcZ0VGnPnveJxwl1uu/9/xXn8b4
Malware Config
Signatures
Reads user/profile data of local email clients (2 TTPs)
Email clients store some user data on disk, where infostealers will often target it.

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)

Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid   Process
2636  Updatе.exe
2636  Updatе.exe