d478d1f8005ec4e6c4459f1aea6f68e817e7b67b9415e1ae8b0dfe3a0706044b

Analysis

max time kernel
15s
max time network
153s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 03:24

Target

26474309ff364a9b77c49b965852f3c3.exe
Size

164KB
MD5

26474309ff364a9b77c49b965852f3c3
SHA1

5fb5e21ea847e4080ec47d9062700ad7bce81210
SHA256

d478d1f8005ec4e6c4459f1aea6f68e817e7b67b9415e1ae8b0dfe3a0706044b
SHA512

c1252ea6f65b4d6519f27c17956cc3f0ea54b880aff9e7886b1096bde225b927c8e7288b6eade0778b6e6ab9e3511da9092dd8f0aba7cf3a5df113359339f4d2
SSDEEP

3072:IebXUo855aoZxU6ppmquNAW7eB/55bE73dMcZn9aMg0owLbuUi8mEggJ1cwsHvAG:qNBWNP+kd9WD

Score

7^/10

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

Registry Run Keys / Startup Folder

Modify Registry

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RUN\ = "C:\\Windows\\system32\\"	26474309ff364a9b77c49b965852f3c3.exe

Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\ñ÷é îéí.jpg	26474309ff364a9b77c49b965852f3c3.exe
File opened for modification	C:\Windows\SysWOW64\ñ÷é îéí.jpg	26474309ff364a9b77c49b965852f3c3.exe
File opened for modification	C:\Windows\SysWOW64\shdocvw.dll	26474309ff364a9b77c49b965852f3c3.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 3 IoCs