Overview

overview

7

Static

static

1

56fee87704...5f.exe

windows7-x64

7

56fee87704...5f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-01-2024 16:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    56fee8770468e0ce722631fdd6fe405f.exe

  • Size

    1.6MB

  • MD5

    56fee8770468e0ce722631fdd6fe405f

  • SHA1

    f457dd68129d65723c07039748b423e41edffeeb

  • SHA256

    4fffabe274a18ac209db945b4289b02db2afb4055000f160acad800d0e59773a

  • SHA512

    db831a79483db041b2a216c1268e64cfa35f149e3d441ee34c0d369458b8e70ca401f4f66863d03912468854a20d7b4bb9cfb5d80e9c619a9520de2c780ba1d6

  • SSDEEP

    49152:o/fwhofLeH4si17tnyKl6ZAZ5a0mLTqbrY:owhweHxiUMaxn

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\56fee8770468e0ce722631fdd6fe405f.exe
    "C:\Users\Admin\AppData\Local\Temp\56fee8770468e0ce722631fdd6fe405f.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:820
    • C:\Users\Admin\AppData\Local\Temp\56fee8770468e0ce722631fdd6fe405f.exe
      "C:\Users\Admin\AppData\Local\Temp\56fee8770468e0ce722631fdd6fe405f.exe" /wrapper /dir="C:\Users\Admin\AppData\Local\Temp\pkg_10352c3740"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:4408

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\pkg_10352c3740\autorun.txt
    Filesize

    115B

    MD5

    f50d08ebf948260bbf516dc91c0baf23

    SHA1

    2134bbb5f9934f85ba69269ae47fb14d94394f07

    SHA256

    a739df05572d396a220291f7031a11a146d390be7beb5cbe3728694e432a18fa

    SHA512

    e64b7febbcdc0d00c8a3de791e1f559b2b89d550f01f8aea49b5a25c1d367f1592057c8ee67d3dd2e6fdc93d0ad456084b9cc74f668118329ee64d285262fd64

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\pkg_10352c3740\wrapper.xml
    Filesize

    798B

    MD5

    1d45a29e3511b982a1f91b33c70e964f

    SHA1

    176a47b489be3f27dc354a2b9dd0b580bb2f3904

    SHA256

    0a69c29fe16727b18425df8ded1cfe9d07a380b9f23f1beb32f60fefc000b3dc

    SHA512

    c574719f56a9cc0a3c393001f0774a5826afa5972906d9d9d214a183724a9f7226483a7181a0030e0f801b481a19957761efc170a10850aec786623eb939eb69

    Download Submit