77a164b6f3112876b7b2b2c8a7b9ee57997ddde6f4e6cd5235f41c1cd5478621

Analysis

max time kernel
1s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01-01-2024 15:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe
Size

314KB
MD5

259d9f8bc15f10ef1ab2c317761c9090
SHA1

3c2aab8e61c9921dea686a1122baa6c1b49956f8
SHA256

90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811
SHA512

81a7e3aff9f66aff436d2dabd93ce88499c15536ad3124977a284d8e7bf99be10a7b644ea4b4af32a6db4e1d5dbd823485a4179d928a58e748031416db92847e
SSDEEP

6144:9k0Ps14JKZ6JIpESQAko1/ndluhQyLTXBaW8GpjBlyQJNO0ww/LXz67:9BPZJev5Q/wd02yLTXBaLGpjBlyQDzwZ

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe
File opened (read-only)	\??\R:	90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe
File opened (read-only)	\??\O:	90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe
File opened (read-only)	\??\M:	90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe
File opened (read-only)	\??\J:	90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe
File opened (read-only)	\??\Z:	90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe
File opened (read-only)	\??\Y:	90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe
File opened (read-only)	\??\W:	90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe
File opened (read-only)	\??\A:	90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe
File opened (read-only)	\??\P:	90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe
File opened (read-only)	\??\I:	90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe
File opened (read-only)	\??\H:	90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe
File opened (read-only)	\??\V:	90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe
File opened (read-only)	\??\T:	90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe
File opened (read-only)	\??\S:	90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe
File opened (read-only)	\??\L:	90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe
File opened (read-only)	\??\G:	90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe
File opened (read-only)	\??\K:	90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe
File opened (read-only)	\??\E:	90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe
File opened (read-only)	\??\B:	90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe
File opened (read-only)	\??\X:	90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe
File opened (read-only)	\??\Q:	90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe
File opened (read-only)	\??\N:	90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe

C:\Users\Admin\AppData\Local\Temp\90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe
"C:\Users\Admin\AppData\Local\Temp\90b4871229a8654c4258d4d470475e891b7db88407f53653a110de8d70fa4811.exe"
1⤵
- Enumerates connected drives
PID:3612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\History.txt

Filesize
4.0MB

MD5
a9ce33625d0eb336687010815123a519

SHA1
f05ca6876edd49c6db1a7e6baf4e83a4872f93bd

SHA256
e75aeabfc99b82b0367871699110866dde2e0b8116ff3ee0f0dc257e9e9203c2

SHA512
83714fc808b24bf8d45e929435260e296e03e8f0206d31dc314f2dc83200c6b32c7358e8ca40e58ea95852133e7db581ad50b51f42173dc62305cfcf7e4f370f

Download Submit
C:\Program Files\7-Zip\Lang\bn.txt

Filesize
768KB

MD5
4e4784e148a0a5f3df5db0b674969913

SHA1
3a75d2d3f0447f5d1b5dcd7606a15072588c5a0c

SHA256
2ae34042f0345d78fd99fd2f3c5687777e84303957b61a62610895e48ee09e2b

SHA512
41647904f5acd38ab9d3c46d8464063ea8f40e0ed890aa72d10ab2bfa4e1e0831ba4118df28d84964705513f456eb29550b0fd409ad774770a22172036df9044

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt

Filesize
1.8MB

MD5
ce74ee0393f8ffc977b4af4471d0ab4c

SHA1
66219a2bbe04f0749ca53363d709a5faac57360f

SHA256
f21855381e68e40d178e01695a09fbc2b6686e9a8c55d93095699c95e7dceb1d

SHA512
e96744ffc0ad6d4d00652dbe0cbc06e5367325d66c7c1be21dc6ea9f96ce06eaa855566ccf4743a3656f3f6b65072667b437e94483d09af1ec8a137c023dcdac

Download Submit
C:\Program Files\7-Zip\Lang\es.txt

Filesize
960KB

MD5
1ae7622bddbd7a9d1234ec6aed96809a

SHA1
65f326c5d194e966b5a77973ffab610fbdde5a54

SHA256
e8846781bd49dbd91d18ee52b8c912991e0cdb54a52b751183c2b200ac83d158

SHA512
41c277253811642968896c09feed68d8805c62396de05b775a9c224f7dd3a63d5f1b325a8fdeb7553da7ea9e310b262b69cb8fcbfc89b804ce265c39ba7d00ec

Download Submit
C:\Program Files\7-Zip\Lang\gl.txt

Filesize
1.1MB

MD5
beee8730a059e4fcdea5189801d7c36e

SHA1
f5cbbaa7d1bb00d0c92a60aa575536091684abb9

SHA256
ce9b4922f558ac4bb46665bbd512cdf71d3b74899cb1e2f37bfdb9542ecbe105

SHA512
d934b697b8eb9567a0f6c3c4c55db50fb634a38144511324c5f9da78d1ec040df1af1bdcf628efdc6c8cd7a12b2b0fc2d5919126d9df60762d58275517db9726

Download Submit
C:\Program Files\7-Zip\Lang\hy.txt

Filesize
382KB

MD5
820f20c19e1a87cc5866de7041f3a60e

SHA1
e4472da03e090dd0c545dc73be5af7d9a486dafa

SHA256
6eda616b5141fd40402ce3a0ff61ae6f77aafa54f1266adb07519ae782437675

SHA512
94c1672f88a31c5f8dff9c003741646be1909f94bca618dbf391da02e173a46fa8f5ac82744424b8d278fbf04b07726ee4f36b7626e52110a851481e1deaae36

Download Submit
C:\Program Files\7-Zip\Lang\kk.txt

Filesize
92KB

MD5
a8da16f86eea84ac39646f0d1f9a1f74

SHA1
f4b02b2b99c476a4c0ff54ac57cf6af50691327c

SHA256
73e9029a97f2d1346221426c3509ce8c4f1e122b66c1a43d82220595be1174b2

SHA512
468aaabd3cbae2550c956dc25a2113bdff164cdf72507748ea5c9e2614001e7a8f0739b404ab29ce1e185dfb6de76086197996cfb84d2d7ae5aaa46753074860

Download Submit
C:\Program Files\7-Zip\Lang\ky.txt

Filesize
92KB

MD5
10f2ee41bce374b64151ba60e9fb17a4

SHA1
3beb75dbd020726b6a6af24966e35a1bc1fdf77c

SHA256
844126fccb261c97c7d7bac194dd3c68593f91dd0ed16825c43d478d630b9d4f

SHA512
2b9e9d252bdf457cbcce16e47e0214ab9f1486ea4f918b55c11d8bd16cdf2e144bac5ac309e1bd669070c41d346d26bb1de08619b50faf688b0117e8546941fc

Download Submit
C:\Program Files\7-Zip\Lang\nb.txt

Filesize
92KB

MD5
d216dacadc2f77d788c8a094f3deeeae

SHA1
0de112a8fd0282ba8b6e2b5e9ea829cb361c3074

SHA256
bcb7e0036b41b1176946d5abcb8991afca388cf12e1561781669e88ec8cb5f42

SHA512
f9b7a4fd5823e53b9a4004c6ab3e2e35b966ec3d14d482c790111c26bc538551e891a23c5be6b4ecae7186f5d735eea29b6bd64cf1b39be7c5bad83522a4ab12

Download Submit
memory/3612-380-0x00000000009B0000-0x0000000000A9F000-memory.dmp

Filesize
956KB

Download
memory/3612-1238-0x00000000009B0000-0x0000000000A9F000-memory.dmp

Filesize
956KB

Download
memory/3612-318-0x00000000009B0000-0x0000000000A9F000-memory.dmp

Filesize
956KB

Download
memory/3612-0-0x00000000009B0000-0x0000000000A9F000-memory.dmp

Filesize
956KB

Download
memory/3612-541-0x00000000009B0000-0x0000000000A9F000-memory.dmp

Filesize
956KB

Download
memory/3612-860-0x00000000009B0000-0x0000000000A9F000-memory.dmp

Filesize
956KB

Download
memory/3612-1028-0x00000000009B0000-0x0000000000A9F000-memory.dmp

Filesize
956KB

Download
memory/3612-1-0x0000000000560000-0x0000000000563000-memory.dmp

Filesize
12KB

Download
memory/3612-1478-0x00000000009B0000-0x0000000000A9F000-memory.dmp

Filesize
956KB

Download
memory/3612-1678-0x00000000009B0000-0x0000000000A9F000-memory.dmp

Filesize
956KB

Download
memory/3612-1890-0x00000000009B0000-0x0000000000A9F000-memory.dmp

Filesize
956KB

Download
memory/3612-2117-0x00000000009B0000-0x0000000000A9F000-memory.dmp

Filesize
956KB

Download
memory/3612-2336-0x00000000009B0000-0x0000000000A9F000-memory.dmp

Filesize
956KB

Download
memory/3612-2550-0x00000000009B0000-0x0000000000A9F000-memory.dmp

Filesize
956KB

Download
memory/3612-2795-0x00000000009B0000-0x0000000000A9F000-memory.dmp

Filesize
956KB

Download
memory/3612-3013-0x00000000009B0000-0x0000000000A9F000-memory.dmp

Filesize
956KB

Download