Overview

overview

10

Static

static

10

69ad94630f...57.exe

windows7-x64

10

69ad94630f...57.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    20-01-2024 06:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    69ad94630f3e0bf328ddee4b54e3f057.exe

  • Size

    100KB

  • MD5

    69ad94630f3e0bf328ddee4b54e3f057

  • SHA1

    f52288dc5df0e42091a7ae7ea71564ce03ea0607

  • SHA256

    2bd1cc1d9e1483c9d476331be8457cdef8cb445f8d20830fe299403e1233bb54

  • SHA512

    59311a90b6cf057d8e7eebda421614c23f404347f346f78055aa6c0e15d97053cdbea550dbea090a99d931dc83800f6a32c5a6fe9a87020210d290e4386f18c7

  • SSDEEP

    1536:mJv5McKmdnrc4TXN/x1vZD8ql6GrUZ5Bx5MlD7wOHUN4ZKNJf:mJeunoMXNF6+E5B/M2O0OgF

Score
10/10
poullightspywarestealertrojan

Malware Config

Signatures

  • Poullight

    Poullight is an information stealer first seen in March 2020.

    trojanstealerpoullight
  • Poullight Stealer payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\69ad94630f3e0bf328ddee4b54e3f057.exe
    "C:\Users\Admin\AppData\Local\Temp\69ad94630f3e0bf328ddee4b54e3f057.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1956

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\pthh8okj24-s8tr6p6s
    Filesize

    92KB

    MD5

    d846467d4c15ed836fe37147a445f512

    SHA1

    1799ddda121a8a1ed233d5c7c0beb991de48877f

    SHA256

    fbb272e004e70c5ba81dea2dfb93d02c06fa8b79be32cc712990d6d5fc8ef74d

    SHA512

    444bef23f7634802b203c2a934165e8ca1f8217fe67f86b4d2b40501099fa1eb1f7ba60b184271afd28fa620d6edbb8433084b6ef1b03932438c4dce64a77c84

    Download Submit
  • memory/1956-0-0x0000000000250000-0x0000000000270000-memory.dmp
    Filesize

    128KB

    Download
  • memory/1956-1-0x000007FEF5690000-0x000007FEF607C000-memory.dmp
    Filesize

    9.9MB

    Download
  • memory/1956-2-0x000000001B120000-0x000000001B1A0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1956-80-0x000007FEF5690000-0x000007FEF607C000-memory.dmp
    Filesize

    9.9MB

    Download
  • memory/1956-81-0x000000001B120000-0x000000001B1A0000-memory.dmp
    Filesize

    512KB

    Download