e5b15631a19ef6e4312e22d6b8d4cce2a5eba2a1c954b80ebe6776e6f3e0c250

Analysis

max time kernel
140s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 03:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

555dea71f33152b96d5c96f8f2ef5868.exe
Size

810KB
MD5

555dea71f33152b96d5c96f8f2ef5868
SHA1

e4f600837be75f60e062176bbd41c307ab2710fe
SHA256

e5b15631a19ef6e4312e22d6b8d4cce2a5eba2a1c954b80ebe6776e6f3e0c250
SHA512

4dcb8b357af3be920d741296b8c26795e32b6bb71ffcaf629299c8095e85cab93a029fd355e046af05c4e761031f23949846bf8b9ba54b4f9c3d7806237ddc69
SSDEEP

24576:tWRT2WGMCL+K6zE//v8rxWsR8u/sgAzS6zC:tUJNO+K663y5RBdAzS6m

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Program crash 1 IoCs

pid	pid_target	Process	procid_target
400	2996	WerFault.exe	7

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 400	2996	555dea71f33152b96d5c96f8f2ef5868.exe	28
PID 2996 wrote to memory of 400	2996	555dea71f33152b96d5c96f8f2ef5868.exe	28
PID 2996 wrote to memory of 400	2996	555dea71f33152b96d5c96f8f2ef5868.exe	28
PID 2996 wrote to memory of 400	2996	555dea71f33152b96d5c96f8f2ef5868.exe	28

C:\Users\Admin\AppData\Local\Temp\555dea71f33152b96d5c96f8f2ef5868.exe
"C:\Users\Admin\AppData\Local\Temp\555dea71f33152b96d5c96f8f2ef5868.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 212
  2⤵
  - Program crash
  PID:400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2996-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2996-1-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download