Analysis

max time kernel: 144s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-12-2023 14:46
Behavioral task: behavioral1
Sample: ca85bb321f5f8ff49660826effc53a02.exe
Resource: win7-20231215-en (windows7-x64)
3 signatures
150 seconds
General

Target: ca85bb321f5f8ff49660826effc53a02.exe
Size: 93KB
MD5: ca85bb321f5f8ff49660826effc53a02
SHA1: 56569ea78b464fd3b81c90c7e578e3b60c502c58
SHA256: 8cdba653a610425107a972ed3fe5af05ab30287a3242ca8eb5351c23cf8265e5
SHA512: a2cc80187d8cb157218b768daffb1ce99c1dd9e0fec086710a9226a4876d69a9cd0f35af1664ce9062cc498245f23dbd43a9aa27dd1a73879d95c94c2c447a52
SSDEEP: 1536:gWTHVn5wa8TXvqHp6kzWgDaO3C54Gf3lagvHkMTafiyVDr1lVUd3jy0:gWTHVn8TXvc4O3CFvlaSED1Poj/
Malware Config

Signatures

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

Program crash (1 IoCs)
pid   pid_target   Process        procid_target
3772  784          WerFault.exe   63
Processes

C:\Users\Admin\AppData\Local\Temp\ca85bb321f5f8ff49660826effc53a02.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\ca85bb321f5f8ff49660826effc53a02.exe"
  PID: 784

  C:\Windows\SysWOW64\WerFault.exe (child of PID 784)
    command line: C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 1352
    signature: Program crash
    PID: 3772

C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 784 -ip 784
  PID: 3920