Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system
- submitted: 12-02-2024 18:41
Static task: static1
Behavioral task: behavioral1
Sample: 51ffa503e65ad126b9d9ae20a9ef3b1ec4f2f65e.exe
Resource: win7-20231215-en
General
- Target: 51ffa503e65ad126b9d9ae20a9ef3b1ec4f2f65e.exe
- Size: 1.4MB
- MD5: 92ce24ce5e4c59c88d22ec72b58a8874
- SHA1: 51ffa503e65ad126b9d9ae20a9ef3b1ec4f2f65e
- SHA256: 6b9dd7cc574ff046cebc9887ce2ef8cf20c5cc075d8c6bb91f415c1ce247355a
- SHA512: 658a7ede1a1c91056c18947f4098fdbb8400179234709023e2685662f46418209646e073a17e3ad56ba67b165b2a3e4de9dab218fd72f3c05efd7412525a87e1
- SSDEEP: 24576:rOuf9Qc9RD0lxVxa0L2W4V2sx5CDBsdXNzMbCuE1BkWU/ngN+zeABd:r7/Il740CW4VX/CDBsh9GCd7tU/lzTd
Malware Config
Signatures
- Modifies file permissions (1 TTPs, 1 IoCs)
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes: 51ffa503e65ad126b9d9ae20a9ef3b1ec4f2f65e.exe, java.exe
  description                            pid   process                                        target process
  PID 3668 wrote to memory of 1936       3668  51ffa503e65ad126b9d9ae20a9ef3b1ec4f2f65e.exe   java.exe
  PID 3668 wrote to memory of 1936       3668  51ffa503e65ad126b9d9ae20a9ef3b1ec4f2f65e.exe   java.exe
  PID 1936 wrote to memory of 4732       1936  java.exe                                       icacls.exe
  PID 1936 wrote to memory of 4732       1936  java.exe                                       icacls.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\51ffa503e65ad126b9d9ae20a9ef3b1ec4f2f65e.exe
  "C:\Users\Admin\AppData\Local\Temp\51ffa503e65ad126b9d9ae20a9ef3b1ec4f2f65e.exe"
  - Suspicious use of WriteProcessMemory
  PID: 3668
  - \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
    c:\PROGRA~1\java\jre-1.8\bin\java.exe -version
    - Suspicious use of WriteProcessMemory
    PID: 1936
    - C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      - Modifies file permissions
      PID: 4732
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 46B
- MD5: 10ece20df47ad838d949beda94b2b6ef
- SHA1: 8c70ab97c87d67d8ddd9ecbd244eded59c679c4f
- SHA256: 9a6dce16f1e842d5bb72e76f46b430600eb7191100b03a01b1f138d7979ffa5d
- SHA512: 83706f0445bccefc0b6c6c5bff69c1933492baffb3e140f8fda28580ea946ca79f968380379c2f64226c246b0cabfd93ab2d951ffbe2192d92a7aaf9940b76f4