Overview

overview

10

Static

static

10

8524e36f12...55.exe

windows7-x64

7

8524e36f12...55.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31-01-2024 21:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8524e36f1291cd8eab742484784d8d55.exe

  • Size

    93KB

  • MD5

    8524e36f1291cd8eab742484784d8d55

  • SHA1

    45362afbaa0ceb721d0139300a45f9f0add0c044

  • SHA256

    f1d4d4a12d43f6e2c8cb6165e8b11416f2fa4deda89e54f6713cf79cdf54b9fd

  • SHA512

    026d84379d81be4cbc02a2e41b9ab09f2cb5d04b726b1c50f79ad61a692a4aaa174c9aa04c76d3af166347cd20ab9849043a7b33ba967f274d38f98ae9c390c6

  • SSDEEP

    1536:oWTHVn5wa8TXvqHp6kzWgDaO3C54Gf3lagvHkMTafiyVDr1lVU93jy0:oWTHVn8TXvc4O3CFvlaSED1PIj/

Score
7/10
spywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8524e36f1291cd8eab742484784d8d55.exe
    "C:\Users\Admin\AppData\Local\Temp\8524e36f1291cd8eab742484784d8d55.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2276
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 508
      2⤵
      • Program crash
      PID:1312

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads