5022b6cbbf4763f912a284e43b8fed3045818d53b49bd261870ae0e934c88717

Analysis

max time kernel
159s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 03:14

Target

25fcca68e72c8d22e47ba76730875d90.exe
Size

1.6MB
MD5

25fcca68e72c8d22e47ba76730875d90
SHA1

7da4c9895029c78859a1f4d878e742713205b222
SHA256

5022b6cbbf4763f912a284e43b8fed3045818d53b49bd261870ae0e934c88717
SHA512

ca9c0b8d89e159393ef554aebc9191f666dd4c21b7423aa173480f09e4d9e3c7011e03554af7d35348991c64cd4ba53fa483b114167cc0ace0e8b2f5f6d05595
SSDEEP

49152:0KfmJ9vFnsx/65N0rY3jMVwqZi/Tn/Dr5:0LL9jzMVwrd

Score

7^/10

spyware stealer

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 944 wrote to memory of 4832	944	25fcca68e72c8d22e47ba76730875d90.exe	90
PID 944 wrote to memory of 4832	944	25fcca68e72c8d22e47ba76730875d90.exe	90
PID 944 wrote to memory of 4832	944	25fcca68e72c8d22e47ba76730875d90.exe	90

C:\Users\Admin\AppData\Local\Temp\25fcca68e72c8d22e47ba76730875d90.exe
"C:\Users\Admin\AppData\Local\Temp\25fcca68e72c8d22e47ba76730875d90.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:944
- C:\Users\Admin\AppData\Local\Temp\25fcca68e72c8d22e47ba76730875d90.exe
  "C:\Users\Admin\AppData\Local\Temp\25fcca68e72c8d22e47ba76730875d90.exe" /wrapper /dir="C:\Users\Admin\AppData\Local\Temp\pkg_13a27a0"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4832

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\pkg_13a27a0\autorun.txt

Filesize
136B

MD5
53158654a7c134fbe96a84b2826e3a1b

SHA1
dccf14c6fc16ae9cc420367e3a08c5f35732a2ec

SHA256
ba9317f30f79a72a5670152a67deac19dd8fc35eb14706ee47b7330215eacf5e

SHA512
5a7581b636e1d32ef0c6aee3cae559d23b5a9e6febea4ef8a725de0fd8a988e25f9a12789703fafd614ac0cf81906e97995582b912da8f91af01988f0b1151a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg_13a27a0\wrapper.xml

Filesize
766B

MD5
7df4b6db3fbbd712d68509779b2ed8fb

SHA1
45567d458538587b85ac1dc399d66e5a56e77238

SHA256
357da15a7e543cf183942d2e0e125d8814dd2bdb225ac5fe7d1fae0601b4473b

SHA512
6af8c86f81a07b5b7ea61bd11b64d3af1d92edddf80bd8ff28bd3d299cca86e8fc6007bb1c7be963715b439a16254136cba9aa9afb09ccca05eb111420c64c4f

Download Submit