Overview

overview

7

Static

static

1

3699d6814e...3e.exe

windows7-x64

7

3699d6814e...3e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-12-2023 19:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3699d6814e1a31c1be5e7f6322fd903e.exe

  • Size

    1.6MB

  • MD5

    3699d6814e1a31c1be5e7f6322fd903e

  • SHA1

    54f582c43ccb80714111f04460f08e930a139282

  • SHA256

    44224dfaff9ffd9823b2fbb56d5e352d9cf50c4197a2acb432723d661c3c7e8d

  • SHA512

    d1ca136cecf4607fc0a1100cfbe68390fd93df4f857f1cb9e978cc856300e2606204b6e7a968f5330fa59e9810d4a78270ca13e31b89ac978812909486704c5b

  • SSDEEP

    49152:s/fwUdLfGiPTStHxNtKgEAhK1kfqtOZ2Twjr5:swUdCi7KHs19tcl

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3699d6814e1a31c1be5e7f6322fd903e.exe
    "C:\Users\Admin\AppData\Local\Temp\3699d6814e1a31c1be5e7f6322fd903e.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Users\Admin\AppData\Local\Temp\3699d6814e1a31c1be5e7f6322fd903e.exe
      "C:\Users\Admin\AppData\Local\Temp\3699d6814e1a31c1be5e7f6322fd903e.exe" /wrapper /dir="C:\Users\Admin\AppData\Local\Temp\pkg_73518c0"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2364

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\pkg_73518c0\autorun.txt
    Filesize

    108B

    MD5

    7ea6fb133fe37cc190fdfadc1f8e8bac

    SHA1

    4360d387176b4940f8d6c5ce77dde58a30d2cbf5

    SHA256

    d97e91a158cc746a6a0f6c6c962b3efe0e3e989112808804eae82d74a08b3a19

    SHA512

    fa560351d0b1de44245d056dfab4693c27677a981ec808155a6745242e965180979f01bb540e80ecbf9baca3e5dc60ef6753fd17800f5c0719ec6621d04bc85d

    Download Submit