Analysis
-
max time kernel
147s -
max time network
118s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
31/12/2023, 01:36
General
-
Target
2305d5b36076d4ba067daa4538850630.exe
-
Size
103KB
-
MD5
2305d5b36076d4ba067daa4538850630
-
SHA1
71ee7c19971733f397f85c24f481e5760d640d34
-
SHA256
6dd57913bdfe8d3ca180a1359a72fea3a18eb9e3d44551edf5d720806c1146cc
-
SHA512
7f211c3bd59568e8dbfd01d40a50cd74cbe67302deba04d638695fe211e754d9617d5aec59e5b2a368fd2a7212af19e5ab29c80a1499a7e917700ce49c951da6
-
SSDEEP
1536:s9Z3KcR4mjD9r8226+oeZeSULzq2rRfGe2/4Bsi7zbuxk5ArDSqjAiZ:sr3KcWmjRrzSo8CZNbkJi6HSqkY
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Drops file in Windows directory 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2305d5b36076d4ba067daa4538850630.exe"C:\Users\Admin\AppData\Local\Temp\2305d5b36076d4ba067daa4538850630.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\CTS.exe"C:\Windows\CTS.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\q8e36WLR4N6dfep.exeC:\Users\Admin\AppData\Local\Temp\q8e36WLR4N6dfep.exe2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB