Analysis
- max time kernel: 122s
- max time network: 126s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 22-12-2023 14:46

Behavioral task: behavioral1
- Sample: ca85bb321f5f8ff49660826effc53a02.exe
- Resource: win7-20231215-en (windows7-x64)
- 3 signatures
- 150 seconds
General
- Target: ca85bb321f5f8ff49660826effc53a02.exe
- Size: 93KB
- MD5: ca85bb321f5f8ff49660826effc53a02
- SHA1: 56569ea78b464fd3b81c90c7e578e3b60c502c58
- SHA256: 8cdba653a610425107a972ed3fe5af05ab30287a3242ca8eb5351c23cf8265e5
- SHA512: a2cc80187d8cb157218b768daffb1ce99c1dd9e0fec086710a9226a4876d69a9cd0f35af1664ce9062cc498245f23dbd43a9aa27dd1a73879d95c94c2c447a52
- SSDEEP: 1536:gWTHVn5wa8TXvqHp6kzWgDaO3C54Gf3lagvHkMTafiyVDr1lVUd3jy0:gWTHVn8TXvc4O3CFvlaSED1Poj/
Malware Config
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Program crash (1 IoCs)
  pid   pid_target   Process        procid_target
  2524  2912         WerFault.exe   27
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process                                procid_target
  PID 2912 wrote to memory of 2524  2912  ca85bb321f5f8ff49660826effc53a02.exe   32
  PID 2912 wrote to memory of 2524  2912  ca85bb321f5f8ff49660826effc53a02.exe   32
  PID 2912 wrote to memory of 2524  2912  ca85bb321f5f8ff49660826effc53a02.exe   32
  PID 2912 wrote to memory of 2524  2912  ca85bb321f5f8ff49660826effc53a02.exe   32
Processes
- C:\Users\Admin\AppData\Local\Temp\ca85bb321f5f8ff49660826effc53a02.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\ca85bb321f5f8ff49660826effc53a02.exe"
  PID: 2912
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 640
    PID: 2524
    Signatures: Program crash