Analysis
-
max time kernel
120s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
21-12-2023 02:46
Static task
static1
Behavioral task
behavioral1
Sample
aa6ba9e8041dcef9d5b1dbaa1fb41570.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
aa6ba9e8041dcef9d5b1dbaa1fb41570.exe
Resource
win10v2004-20231215-en
General
-
Target
aa6ba9e8041dcef9d5b1dbaa1fb41570.exe
-
Size
12.4MB
-
MD5
aa6ba9e8041dcef9d5b1dbaa1fb41570
-
SHA1
8244de9d8b89058d1c03f0d5a42e276227574159
-
SHA256
e482863957a81bf585e637311d51be7a4cb8819d432ce5dab3b089ceb46005b5
-
SHA512
24fabd8186b2b327b057a19f86c4e74bd57e0e807eb01a7b727d27a610e8e8ceeeb2827fe32b722e7f1a468a02535f026f00e484ff40c38c724db9e1e480b2a6
-
SSDEEP
3072:3qhbDcxipV57ihAgGHQhOxg4GUHmEOW2zOyQ5OGXubV0EYH9QJSp8Bb8EGq:SncxipAASq1mv/S5DXubV0EYk8EG
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2832 1748 WerFault.exe aa6ba9e8041dcef9d5b1dbaa1fb41570.exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
aa6ba9e8041dcef9d5b1dbaa1fb41570.exedescription pid process target process PID 1748 wrote to memory of 2832 1748 aa6ba9e8041dcef9d5b1dbaa1fb41570.exe WerFault.exe PID 1748 wrote to memory of 2832 1748 aa6ba9e8041dcef9d5b1dbaa1fb41570.exe WerFault.exe PID 1748 wrote to memory of 2832 1748 aa6ba9e8041dcef9d5b1dbaa1fb41570.exe WerFault.exe PID 1748 wrote to memory of 2832 1748 aa6ba9e8041dcef9d5b1dbaa1fb41570.exe WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\aa6ba9e8041dcef9d5b1dbaa1fb41570.exe"C:\Users\Admin\AppData\Local\Temp\aa6ba9e8041dcef9d5b1dbaa1fb41570.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1748 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 8402⤵
- Program crash
PID:2832