Analysis
- max time kernel: 143s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20231127-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231127-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07-12-2023 23:33
Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: RunHack.exe
  Resource: win7-20231025-en
  windows7-x64
  4 signatures
  150 seconds
General
- Target: RunHack.exe
- Size: 348KB
- MD5: 46a284fe418560662c35516b6df1e873
- SHA1: f41702ffaab025b4ed69ad2f48504a025a50ee51
- SHA256: 4d2506e11fa02ceb3fe852d85ef924d0d31665f6c5f00e3d45623e833b08e0bc
- SHA512: 237411deaebd5d01e89e7a540ce3300df3d5bc3aef9edfa24767163b029c34eddab0508530a59d3d9e57ea3cbc1ffe7a50354830aac2d2a76fa679f94cb3a319
- SSDEEP: 6144:yJYBitWBxQ5y22AOiOlwfuLUF2beuB7sYmtNNmtw1TIWp3m:y2BitEV9rpP8nZTIWp3m
Malware Config
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Checks installed software on the system (1 TTPs)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious behavior: EnumeratesProcesses (1 IoCs)
  Processes:
  pid 1820, process RunHack.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes:
  description Token: SeDebugPrivilege, pid 1820, process RunHack.exe