41ccc626af243568051e627af617517468c45c71c21b5f423449703e60b8619c

Analysis

max time kernel
0s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 22:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40db340467a18d6d18be879487871a61.exe
Size

313KB
MD5

40db340467a18d6d18be879487871a61
SHA1

dac000f58eeb379c0885a0ca15588b19631e4f50
SHA256

41ccc626af243568051e627af617517468c45c71c21b5f423449703e60b8619c
SHA512

8575ed0012807a3d9f987891e6a09ce1583a29741a375e6c900403b557dd584c8ef2a3cd5af70e97d88efd83c13b155b89cc928b17fb737f43219645aec07f60
SSDEEP

6144:91OgDPdkBAFZWjadD4sEamIGauKQLgAuDZ9Y0RXDH/K+lTUP:91OgLdahPaHQLFwZTDHJW

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2284	setup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral2/files/0x0006000000023252-32.dat	nsis_installer_1
behavioral2/files/0x0006000000023252-32.dat	nsis_installer_2

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 2284	1936	40db340467a18d6d18be879487871a61.exe	17
PID 1936 wrote to memory of 2284	1936	40db340467a18d6d18be879487871a61.exe	17
PID 1936 wrote to memory of 2284	1936	40db340467a18d6d18be879487871a61.exe	17

C:\Users\Admin\AppData\Local\Temp\40db340467a18d6d18be879487871a61.exe
"C:\Users\Admin\AppData\Local\Temp\40db340467a18d6d18be879487871a61.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Users\Admin\AppData\Local\Temp\7zS54C7.tmp\setup.exe
  .\setup.exe /s
  2⤵
  - Executes dropped EXE
  PID:2284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zS54C7.tmp\setup.exe

Filesize
61KB

MD5
201d2311011ffdf6c762fd46cdeb52ab

SHA1
65c474ca42a337745e288be0e21f43ceaafd5efe

SHA256
15c0e4fd6091cda70fa308ea5ee956996f6eb23d24e44700bd5c74bf111cf2aa

SHA512
235d70114f391d9e7a319d94bdfc49665d147723379de7487ef76cfc968f7faa3191153b32ba1ab466caeeeeef4852381529a168c3acca9a8d5a26dfe0436f6b

Download Submit