Analysis
-
max time kernel
1s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
24-12-2023 22:32
General
-
Target
15fcbed570ff341514bc28aad2a02e96.exe
-
Size
249KB
-
MD5
15fcbed570ff341514bc28aad2a02e96
-
SHA1
272938b8e816681e1baf0bcf4e9886653eaf19ac
-
SHA256
35c95f653a38681ef36529532a4276f92436a176d621b12721292d91e10fc454
-
SHA512
71c0d677cf1f056c4c59d9d74647f8b54f610779d68928bd5dc194bc4a96d6fededd6d694abece0a7b3412e49706252b1e7a6832302627996f9d268b681d7edb
-
SSDEEP
6144:h1OgDPdkBAFZWjadD4s5hWaLusMUwQVd83TQc3TA:h1OgLdaOhDSrUXV1c8
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
NSIS installer 4 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\15fcbed570ff341514bc28aad2a02e96.exe"C:\Users\Admin\AppData\Local\Temp\15fcbed570ff341514bc28aad2a02e96.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7zS116E.tmp\50ebd3e495111.exe.\50ebd3e495111.exe /s2⤵
- Executes dropped EXE
- Loads dropped DLL
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
MD577c852f85e699650b9800a94e17fddf9
SHA1c5e0cfe30dd4c3db5ca5790103ba3a4854b044ec
SHA256daeaf85b7d44f029807b2932adf69193a23d863032fc7f53679720fd7e5784cd
SHA5124004a48d7f6ab13cc666e37b75a0c3d9462a94bce07ad3ff2f16ac5ce345b34a8b10104997efcb1f5156b2ec8f45b293a5bb8d4781de0a8b2bf77db59fec46c2
-
Filesize
40KB