Analysis
-
max time kernel
141s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
31-12-2023 04:16
General
-
Target
27ccae91a7b75ee9cb0dd3fbbf0a49bb.exe
-
Size
130KB
-
MD5
27ccae91a7b75ee9cb0dd3fbbf0a49bb
-
SHA1
3030ae42ebd2593516bafa1e6ff8f5e80171010b
-
SHA256
7246a8818630033c69d2cb10eb999c757c2b320e13d2b44e0182c88d37a44bf6
-
SHA512
a6cbb0d8606b0a5c4a9dfe63d6bd365b625761bcc42e50868518f51eb21795d5211909e7b34886e1ef4a7c8ec59bc4d34d34aa0efffcfd0f3177d70acab143cc
-
SSDEEP
3072:sr3KcWmjRrzS4Wdsl+N+vcyd72KrTZTm+n2mFYLlkiEQVz:/IWxocO7RrNTm+2mglkiEQVz
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Drops file in Windows directory 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\27ccae91a7b75ee9cb0dd3fbbf0a49bb.exe"C:\Users\Admin\AppData\Local\Temp\27ccae91a7b75ee9cb0dd3fbbf0a49bb.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\CTS.exe"C:\Windows\CTS.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\8SEj2sBv6LQtUGu.exeC:\Users\Admin\AppData\Local\Temp\8SEj2sBv6LQtUGu.exe2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92KB
-
Filesize
92KB
-
Filesize
92KB