Analysis
-
max time kernel
142s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
30-12-2023 07:09
General
-
Target
11c74b911510fb248c406f77542db7e8.exe
-
Size
59KB
-
MD5
11c74b911510fb248c406f77542db7e8
-
SHA1
1ea2f82d672e8e39f3662946b2cca0cbbbd06a08
-
SHA256
b8142f884604f1bc9fcb4e57c73852e68104d237cf86870077c0f67ab98c16a7
-
SHA512
9fa0f68c2a3254401bf6f7dbba54d0bfa72da21accbbdf17182594494f7b985ce213d202a67ef796327dbdb820901ec1d675474b9cf6553ef621f3b6ebd7db02
-
SSDEEP
768:XocAX3LKew369lp2z3Sd4baFXLjwP/Tgj93b8NIocVSEFGocAX3LKew369lp2z3Q:SKcR4mjD9r823FHKcR4mjD9r823Ff
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Drops file in Windows directory 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\11c74b911510fb248c406f77542db7e8.exe"C:\Users\Admin\AppData\Local\Temp\11c74b911510fb248c406f77542db7e8.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\CTS.exe"C:\Windows\CTS.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB