Analysis
max time kernel: 133s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/01/2024, 13:47
Behavioral task: behavioral1
Sample: 3eb167e6af798c1a16f77590a34a54f0.exe
Resource: win7-20231215-en
3 signatures, 150 seconds
General
Target: 3eb167e6af798c1a16f77590a34a54f0.exe
Size: 379KB
MD5: 3eb167e6af798c1a16f77590a34a54f0
SHA1: 0d425913fd528847f4f9880ada37ff86d4498f29
SHA256: 58c00ad9aca7337ba03e99f65dfc6da5619a91bc20b3a71d131fa1549d5701e1
SHA512: 8e649ef883edb149d5bb5d809d24731928fc276526b99f74fd68ed00df113bf0b297909033a36327e5595efec11f00aae6845f8992fad278a404f66dd7e10f91
SSDEEP: 6144:K+qn/00gA1pJzXsWuTHgU9xGJRKeOGDykNwS1F8kqslg92YAoS0LEx:0s03z8tgkGJRxpw4osO2JoS0LEx
Malware Config

Signatures

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials.

YARA rule matches (memory dumps)
resource                                                                     yara_rule
behavioral2/memory/4996-0-0x00000000002B0000-0x00000000003EB000-memory.dmp   upx
behavioral2/memory/4996-4-0x00000000002B0000-0x00000000003EB000-memory.dmp   upx
Both dumps cover the same region of PID 4996, 0x2B0000 to 0x3EB000 (0x13B000 bytes, about 1.2 MB), and both match the `upx` rule. That mapped image is roughly 3.3 times the 379KB file on disk, which is what a UPX-packed executable looks like in memory: its sections are sized for the unpacked code, not for the compressed bytes on disk.

Suspicious use of WriteProcessMemory (3 IoCs)
description                        pid    Process                                procid_target
PID 4996 wrote to memory of 3768   4996   3eb167e6af798c1a16f77590a34a54f0.exe   94
PID 4996 wrote to memory of 3768   4996   3eb167e6af798c1a16f77590a34a54f0.exe   94
PID 4996 wrote to memory of 3768   4996   3eb167e6af798c1a16f77590a34a54f0.exe   94
All three IoCs are the same event: the sample (PID 4996) writing into the address space of the cmd.exe it spawned (PID 3768, listed under Processes). A parent writing into a child it has just created is not by itself proof of code injection; what was written, and where, is not recorded in this report.
Processes
1. C:\Users\Admin\AppData\Local\Temp\3eb167e6af798c1a16f77590a34a54f0.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\3eb167e6af798c1a16f77590a34a54f0.exe"
   PID: 4996
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\31.bat
      PID: 3768
      Parent: 4996
The child runs from SysWOW64 although the command line names system32: the sample is a 32-bit process (its image is mapped at the 32-bit address 0x2B0000), so WOW64 file system redirection resolved system32\cmd.exe to SysWOW64\cmd.exe. The batch file 31.bat is dropped into the sample's own Temp directory; its contents are not shown in this report.
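The flattened rows above are awkward to triage by eye, so here is an added example (my code, not part of the sandbox report) that parses them into structured findings: it collapses the repeated WriteProcessMemory IoCs into writer/target pairs, computes the size of the YARA-matched memory region, rebuilds the parent/child tree from the nesting depth markers, and flags the SysWOW64-versus-system32 mismatch. The regexes, the `FILE_SIZE_ON_DISK` constant (379KB rounded to bytes) and the tuple layout of `PROCESS_LINES` are my assumptions about this report's layout; the row strings are copied from the page.

```python
"""Added example: parse the flattened sandbox records above into structured
findings (cross-process writes, YARA-matched memory regions, process tree)."""
import re
from collections import Counter

# Constructed input: the report's own rows, copied as flat strings.
IOC_LINES = [
    "PID 4996 wrote to memory of 3768 4996 3eb167e6af798c1a16f77590a34a54f0.exe 94",
] * 3
DUMP_LINES = [
    "behavioral2/memory/4996-0-0x00000000002B0000-0x00000000003EB000-memory.dmp upx",
    "behavioral2/memory/4996-4-0x00000000002B0000-0x00000000003EB000-memory.dmp upx",
]
# Process list as (nesting depth, pid, image path, command line); layout is my assumption.
PROCESS_LINES = [
    (1, 4996, r"C:\Users\Admin\AppData\Local\Temp\3eb167e6af798c1a16f77590a34a54f0.exe",
     r'"C:\Users\Admin\AppData\Local\Temp\3eb167e6af798c1a16f77590a34a54f0.exe"'),
    (2, 3768, r"C:\Windows\SysWOW64\cmd.exe",
     r"C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\31.bat"),
]
FILE_SIZE_ON_DISK = 379 * 1024  # assumption: "379KB" from the General table, in bytes

IOC_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")
DUMP_RE = re.compile(
    r"^(?P<task>[^/]+)/memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp (?P<rule>\S+)$"
)


def parse_iocs(lines):
    """One dict per IoC row. The writer pid in the description must equal the
    row's pid column; a mismatch means the row was garbled and is rejected."""
    rows = []
    for line in lines:
        m = IOC_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised IoC row: {line!r}")
        writer, target, pid, image, procid_target = m.groups()
        if writer != pid:
            raise ValueError(f"pid column {pid} disagrees with description {writer}")
        rows.append({"writer": int(writer), "target": int(target),
                     "image": image, "procid_target": int(procid_target)})
    return rows


def count_writes(rows):
    """Collapse repeated rows into (writer pid, target pid) -> number of IoCs."""
    return Counter((r["writer"], r["target"]) for r in rows)


def parse_dumps(lines):
    """One dict per memory dump, with the region size derived from its bounds."""
    rows = []
    for line in lines:
        m = DUMP_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised dump row: {line!r}")
        start, end = int(m["start"], 16), int(m["end"], 16)
        rows.append({"task": m["task"], "pid": int(m["pid"]), "seq": int(m["seq"]),
                     "start": start, "end": end, "size": end - start, "rule": m["rule"]})
    return rows


def build_tree(process_lines):
    """Recover parent -> [children] from the depth markers; roots hang off None."""
    children, stack = {}, []
    for depth, pid, _image, _cmdline in process_lines:
        while len(stack) >= depth:      # pop back to this entry's parent level
            stack.pop()
        parent = stack[-1] if stack else None
        children.setdefault(parent, []).append(pid)
        stack.append(pid)
    return children


def wow64_redirected(process_lines):
    """Pids whose command line names system32 but whose image lives in SysWOW64,
    i.e. a 32-bit parent whose path was rewritten by WOW64 file system redirection."""
    return [pid for _depth, pid, image, cmdline in process_lines
            if "\\SysWOW64\\" in image and "\\system32\\" in cmdline.lower()]


def findings():
    """Summarise the report: who wrote into whom, whether the target is the writer's
    own child, how big the UPX-matched region is relative to the file on disk."""
    writes = count_writes(parse_iocs(IOC_LINES))
    tree = build_tree(PROCESS_LINES)
    upx_regions = [d for d in parse_dumps(DUMP_LINES) if d["rule"] == "upx"]
    region_size = max((d["size"] for d in upx_regions), default=0)
    return {
        "writes": dict(writes),
        "tree": tree,
        "parent_wrote_into_child": all(t in tree.get(w, []) for (w, t) in writes),
        "upx_region_size": region_size,
        "expansion_ratio": round(region_size / FILE_SIZE_ON_DISK, 2),
        "wow64_redirected": wow64_redirected(PROCESS_LINES),
    }


if __name__ == "__main__":
    for key, value in findings().items():
        print(f"{key}: {value}")
```

Running it prints one line per finding; the useful signal for an analyst is that the only cross-process write is parent-to-child (three identical IoCs, not three different targets) and that the `upx` region is about 3.3 times the on-disk size. The regexes are strict on purpose: a row that fails to parse raises instead of being silently skipped, so a changed report layout surfaces immediately rather than producing an empty, misleading summary.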