972c0c557aef3b8373ce28cd2c13d09091a30135263cf1af27901e49370ab4bd

Analysis

max time kernel
154s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/01/2024, 23:27

Target

59af1666246388b5d5ab790612e0d43a.exe
Size

33KB
MD5

59af1666246388b5d5ab790612e0d43a
SHA1

c5ba046ad5978343dc87466c76df0a1b82a9a53f
SHA256

972c0c557aef3b8373ce28cd2c13d09091a30135263cf1af27901e49370ab4bd
SHA512

1dcad08f1640aa43d638962800b836cebe50ab39fe34294a02f09c28e663078845c8ff175c133aa2d1de2cb585667ace2652efabee101cc0e8ef9ae4e4d6317f
SSDEEP

768:RBD4C5u76tYBgNO7Q/XuL6C5sUB2Yys3/LaSr:nDdu77BgCWXO6hYys3/LaSr

Score

7^/10

spyware stealer upx

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3100-0-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral2/memory/3100-3-0x0000000000400000-0x0000000000416000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 6 IoCs

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3100	59af1666246388b5d5ab790612e0d43a.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/3100-0-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/3100-3-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download