2fc9c826723fc0e847ab8cdad9686b48d8c291397264ac5ee9bef2805cca37a5

Analysis

max time kernel
134s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 01:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66829eff38c8ffccd321ddfdc8b33a1e.exe
Size

1.5MB
MD5

66829eff38c8ffccd321ddfdc8b33a1e
SHA1

867ac5e250fc06a9f6964170e077ea40ed8f5f72
SHA256

2fc9c826723fc0e847ab8cdad9686b48d8c291397264ac5ee9bef2805cca37a5
SHA512

10d06c7336162b91df7cf67a0665ac35dfd993c4d4f4ec7871b93bbd9e3aa27dcbced328f29719222f75f125498e3e344132bf46ba50a99ce551ff83e0e984ab
SSDEEP

24576:t2RtsxfT5Ecc6hwjZhWlkPzYiPnoIs9WoyZpGeWJkRUndufH5NTQ9ljnOAJI6g:0kfTNEfWlQzBPnoIs9WoynWaaAfXTYlK

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2456	66829eff38c8ffccd321ddfdc8b33a1e.exe
2456	66829eff38c8ffccd321ddfdc8b33a1e.exe
2456	66829eff38c8ffccd321ddfdc8b33a1e.exe
2456	66829eff38c8ffccd321ddfdc8b33a1e.exe
4944	66829eff38c8ffccd321ddfdc8b33a1e.exe
4944	66829eff38c8ffccd321ddfdc8b33a1e.exe
4944	66829eff38c8ffccd321ddfdc8b33a1e.exe
4944	66829eff38c8ffccd321ddfdc8b33a1e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2456 wrote to memory of 4944	2456	66829eff38c8ffccd321ddfdc8b33a1e.exe	88
PID 2456 wrote to memory of 4944	2456	66829eff38c8ffccd321ddfdc8b33a1e.exe	88
PID 2456 wrote to memory of 4944	2456	66829eff38c8ffccd321ddfdc8b33a1e.exe	88

C:\Users\Admin\AppData\Local\Temp\66829eff38c8ffccd321ddfdc8b33a1e.exe
"C:\Users\Admin\AppData\Local\Temp\66829eff38c8ffccd321ddfdc8b33a1e.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2456
- C:\Users\Admin\AppData\Local\Temp\66829eff38c8ffccd321ddfdc8b33a1e.exe
  "C:\Users\Admin\AppData\Local\Temp\66829eff38c8ffccd321ddfdc8b33a1e.exe" /wrapper /dir="C:\Users\Admin\AppData\Local\Temp\pkg_231935b0"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\pkg_231935b0\66829eff38c8ffccd321ddfdc8b33a1e.log

Filesize
10KB

MD5
e0fd5f1d7aa80a2a229dd1d7f3a93a91

SHA1
aee19d16dae1927b0364f065ce76f23761a9244d

SHA256
b8ae123666a179422b9aa08b7617b4235233d8405a9c35477b4b4a216c61e198

SHA512
b7de35c87365771586660d87ec06f2f60774bbbf3c2fff221b4686220a20515291c1e5cd54e7c2918b4eb57a3c86ce78fd94b1a7d02620f88c8b6dda0f26b93a

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg_231935b0\autorun.txt

Filesize
278B

MD5
9b6c004dfeefaed424318580a790a2bd

SHA1
07f2d026bf55d3c25902d570741b0c183b6df73d

SHA256
983389374c9d4e12c57f9fd96f12242c9ed0844f5dae0e547a7b2ec0b658e465

SHA512
8ccf4c0d83755899a8b13faa025b009d4f676dd15c899b1209e96cac238bbee33f6cc34fa4827f24080a9bbcd64b6352aa2b6fb4c9177a88bc7f9344bc81ef69

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg_231935b0\detectionrules.dat

Filesize
1KB

MD5
d962a3c8f44df915719644c172587df0

SHA1
f02cb8f08e9766bcf950f603f14ffbd699a722a9

SHA256
268ea2b1ce7bc0dcb485dbf87f1903e57bd3322b2bc14ec10607ce73e104f70c

SHA512
765ff2a228eac9acf8ff5f3eb8aa62898d5027f6e63033dea3e0be9c36faa3afcde23fbd55610319d8807800a89b83849169dea3c460de5d53d693a54f337543

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg_231935b0\postbackresponse.dat

Filesize
1KB

MD5
8c92c1576b66c2ab5d46ac3ec7d5b525

SHA1
32a2d0d89295a235f442e25b51200b72da9bb317

SHA256
3e6059455582f4a2e8fbaf2348ddbe7676b7e84eeeef90afb2e6df613c9add40

SHA512
d226d936bb76423d4ecf4bd7cbc4a4eb5fb3acf0b86e1629262ff7d091efca345739467a18cb38da52594159cc10e7e87b7339aa8ba284cdfe9e026e2b05d6b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg_231935b0\stubinfo.ini

Filesize
62B

MD5
534805b650fcccfb6c3429305f30581f

SHA1
b759da4ceb80c79ba1e50a28e1602714d10e9c23

SHA256
432b1417e125442aae2e867d54ab1fcf2f92ebd4f7a44ac99d2b22061145f6e4

SHA512
b9f760cdcf4d3df24c32f879473cb61068aa60d0078d68a8352212a3ee233baa0ab3bb86814f923078f279b73a1e5838c68f994fdf071635387c00db2782d876

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg_231935b0\timings.txt

Filesize
386B

MD5
fea8f8074550f4ec3e83778f0ca26688

SHA1
e941388f3f3da9ae88c3e7c7466cf2994afbada5

SHA256
b46aeb22ab887ee62f662c75457e303f08a47b705d584f46bca1a9391529ed0d

SHA512
4a9ea58df15346936d32e76edfa469e9812bc413fe855f15b4becb8242b7653c1b57b4059f5a1d9b728138562c0a4ab02e9116b4a417d29e13bcbc3914afca42

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg_231935b0\wrapper.xml

Filesize
666B

MD5
11e86fc67f1a0c0b055debfa85d59412

SHA1
8fff11073fe0418bdb39a382fd2d0be92d5c426c

SHA256
cc8bf3bd83b3043c23f9ec7bf37215e65b6e48652441ff849ab50efe2923bec0

SHA512
f4d0becba3d00ba365651dfda6a1cd5556e47f8cfa683afc07da398aac6f36941bc2e9e3128f7f6c3827c3129b501de767fcd9da63bbd885591c1c1ef9827ed1

Download Submit