Analysis

  • max time kernel
    133s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/01/2024, 13:47

General

  • Target

    3eb167e6af798c1a16f77590a34a54f0.exe

  • Size

    379KB

  • MD5

    3eb167e6af798c1a16f77590a34a54f0

  • SHA1

    0d425913fd528847f4f9880ada37ff86d4498f29

  • SHA256

    58c00ad9aca7337ba03e99f65dfc6da5619a91bc20b3a71d131fa1549d5701e1

  • SHA512

    8e649ef883edb149d5bb5d809d24731928fc276526b99f74fd68ed00df113bf0b297909033a36327e5595efec11f00aae6845f8992fad278a404f66dd7e10f91

  • SSDEEP

    6144:K+qn/00gA1pJzXsWuTHgU9xGJRKeOGDykNwS1F8kqslg92YAoS0LEx:0s03z8tgkGJRxpw4osO2JoS0LEx

Score
7/10

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3eb167e6af798c1a16f77590a34a54f0.exe
    "C:\Users\Admin\AppData\Local\Temp\3eb167e6af798c1a16f77590a34a54f0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4996
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\31.bat
      2⤵
        PID:3768

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4996-0-0x00000000002B0000-0x00000000003EB000-memory.dmp

      Filesize

      1.2MB

    • memory/4996-4-0x00000000002B0000-0x00000000003EB000-memory.dmp

      Filesize

      1.2MB