b23cb04afe59fee16c95ef5d24a67cb493d4ea88b62f6996e54493548acad6c2

Analysis

max time kernel
180s
max time network
196s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01-01-2024 15:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

55bc661ad4439400fc434fd6bab66f598c7272854f0453b451e31b84265eff8c.exe
Size

63KB
MD5

8631a8f38c49a008fa27a1206378e144
SHA1

b13d05d99b91fdff5802660218d26c4811e062a0
SHA256

55bc661ad4439400fc434fd6bab66f598c7272854f0453b451e31b84265eff8c
SHA512

989e642115b8453e5b806e70914243f728d38d29493cb75b49981dd390ad155502b2998bb435ec8f9e88ef0a4ca8921fd7a54f5685c4aef5167ee1a0ea16dee0
SSDEEP

768:FWSro9/JJCAaXRCZ+W8UVVMKccxkujVuIbRr4R9FF2GRz:4SE/Db0a+8BccxcIbV4zxz

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

55bc661ad4439400fc434fd6bab66f598c7272854f0453b451e31b84265eff8c.exe

description pid process

Token: SeDebugPrivilege 3340 55bc661ad4439400fc434fd6bab66f598c7272854f0453b451e31b84265eff8c.exe

description	pid	process
Token: SeDebugPrivilege	3340	55bc661ad4439400fc434fd6bab66f598c7272854f0453b451e31b84265eff8c.exe

C:\Users\Admin\AppData\Local\Temp\55bc661ad4439400fc434fd6bab66f598c7272854f0453b451e31b84265eff8c.exe
"C:\Users\Admin\AppData\Local\Temp\55bc661ad4439400fc434fd6bab66f598c7272854f0453b451e31b84265eff8c.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\UnlockYourFiles4.txt
Filesize
301B

MD5
f9229fd9d3acdd20bcc4e3cda98e09d0

SHA1
f6f04d9379762be5bf3fd9a542fb25b2c9542aea

SHA256
9df2c26122c75d33570c827ad0a3d00f1d424278d2513ca5c3aaf8d8c85f5935

SHA512
a662f0a0b1ec68cc03eea68c069422c341ab61a8c4d2a4badbb12a0f9161e8c1dca45deeed4014affa2c6fdb64674d40b8ffd945375c6dfdfe7db234c30b7014

Download Submit
memory/3340-0-0x0000000074AC0000-0x0000000075270000-memory.dmp

Filesize
7.7MB

Download
memory/3340-1-0x0000000000570000-0x0000000000588000-memory.dmp

Filesize
96KB

Download
memory/3340-2-0x00000000028E0000-0x00000000028EA000-memory.dmp

Filesize
40KB

Download
memory/3340-3-0x00000000054A0000-0x0000000005A44000-memory.dmp

Filesize
5.6MB

Download
memory/3340-4-0x0000000074AC0000-0x0000000075270000-memory.dmp

Filesize
7.7MB

Download
memory/3340-5-0x0000000004FA0000-0x0000000005032000-memory.dmp

Filesize
584KB

Download
memory/3340-6-0x00000000051B0000-0x00000000051C0000-memory.dmp

Filesize
64KB

Download
memory/3340-283-0x00000000051B0000-0x00000000051C0000-memory.dmp

Filesize
64KB

Download