Analysis
-
max time kernel
0s -
max time network
140s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
25-12-2023 02:37
General
-
Target
005f5687bb82080027d1dbe3685a0441.exe
-
Size
250KB
-
MD5
005f5687bb82080027d1dbe3685a0441
-
SHA1
c83ebef30d8e9c63e58b4a653c49995c2307f9d2
-
SHA256
2ffc0423c2d0c8c2b1f48d38dd412a723eaff8acfc5179c77545d76b2159f79a
-
SHA512
83f8513b31eb9c43c708a7a4b95be5e0153b279eceddcaa74865d93f676325c6834ec3f2180767bfca9a18833a9770053dafe0f73c77a99be3674a524e6f44a9
-
SSDEEP
6144:h1OgDPdkBAFZWjadD4s5lvkEZ7CqjOEQSlczoJ61y6hlzJiO:h1OgLdaO+PbzoxQxb
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
NSIS installer 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\005f5687bb82080027d1dbe3685a0441.exe"C:\Users\Admin\AppData\Local\Temp\005f5687bb82080027d1dbe3685a0441.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\7zS4E20.tmp\50f87310e578f.exe.\50f87310e578f.exe /s2⤵
- Executes dropped EXE
- Loads dropped DLL
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
71KB
MD5b78633fae8aaf5f7e99e9c736f44f9c5
SHA126fc60e29c459891ac0909470ac6c61a1eca1544
SHA256d205693516dbaf34cfbd216e825190de4de1412e861bc9cb30ce863907b30d22
SHA5123885b609269b26918ccfcd9069181168c12f4271b6bdfcc51afe176b2dd242d4c0953ac1a4ddaf25abcfaf28a0b694a6269d96ae39bb7b2db2f0140d2d60cd43
-
Filesize
40KB