06513f1517419cea31daa73ceb9ff9fbe6ffaa8bdd66d7e3af95b84c377c546a

Analysis

max time kernel
142s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01-03-2024 15:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0x000600000001413d-159.exe
Size

4.6MB
MD5

a026d536a303ffb878a59e3fbecfa54f
SHA1

adec7d1bbbeb0165cc8467be53fd150a4a518c53
SHA256

06513f1517419cea31daa73ceb9ff9fbe6ffaa8bdd66d7e3af95b84c377c546a
SHA512

841b9296d45b0663a6673861520e0c903e4c891b2a8b2f5ecfb9b2af14278cc708d3fd2183d34168263470f88936d27ba9dbc0b8463bd8537b14ece5c54f97ed
SSDEEP

98304:yoR2I5wqk0BAX3yRx31gjqpSTZZpzGcyn4OiZrq1DfPHNADtV6v+D:5/lSZpzGp4O7NADtV6v+

Score

7^/10

evasion spyware stealer trojan

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	0x000600000001413d-159.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	2424	0x000600000001413d-159.exe
Token: SeManageVolumePrivilege	2424	0x000600000001413d-159.exe
Token: SeManageVolumePrivilege	2424	0x000600000001413d-159.exe
Token: SeManageVolumePrivilege	2424	0x000600000001413d-159.exe
Token: SeManageVolumePrivilege	2424	0x000600000001413d-159.exe
Token: SeManageVolumePrivilege	2424	0x000600000001413d-159.exe

C:\Users\Admin\AppData\Local\Temp\0x000600000001413d-159.exe
"C:\Users\Admin\AppData\Local\Temp\0x000600000001413d-159.exe"
1⤵
- Checks whether UAC is enabled
- Suspicious use of AdjustPrivilegeToken
PID:2424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1408 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
1⤵
PID:2416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\d

Filesize
12.1MB

MD5
344cc1aaef905e1596b42d16efbf34f6

SHA1
51440e372b348de2a2259fb269af7039b160c9fc

SHA256
a61a70d7a3445e2affc9a4e4b8451313d41172f0e32d897cbdf0fcae60f91fa0

SHA512
a640bec1fd7f54e565422316bd6f66cbefaa1ee8da6d1515842df97f76bbee0a2b43b632e4fde6fe299d7d572c45d7a930dce055834980173131463ceaadf073

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.INTEG.RAW

Filesize
66KB

MD5
c7f8fe361f2a64472428ae6a5825be4f

SHA1
afe72da1817d13f75a2d90230f12c7ee1a57d7ac

SHA256
52caa7e026e243b8f101c12c64795443eee0b9084f1271dd27103416943261f7

SHA512
b0d64935d65a0fd60e27f158c785c92ab0b43708fbe3f8c94f0c25dcaf83c038c56507dcae54bf0d56c8d3cc9ebf9facc6563ff0728a37f8dced09b260a98e01

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
bc089120e6d6b97801424172085765a1

SHA1
7d7666d79633858831017c5eac9a22ed27f66ae4

SHA256
cb7fe4291a1dc94f75d55d1ddd2eed80fa1c25d0b424fa81ff88ebbbea89a7c3

SHA512
d0ba48483d689e58af4f0a639f75eb7eff09478474210f542d0e3e81f1345136506224c64431f3fc790586b25f29d30f16eb9464ba6bd863d8ef5a46b908bc08

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
94e742828d082f771cd4c715f8452d85

SHA1
c619df4042589455dabea33af9705fc2631a4ef2

SHA256
c6ac09888e8adb338b5f630073bef9628ff356dbc11150248ef3507bb5bea757

SHA512
5996717db2b844a04ca33c54aa69c52039c7ff8f9ee2c98e7599d5d46024071ccbf254e0fa4732ed33915e21c5fd726d19e4a03f5deb556d870ef080fa002e10

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
3592a71cc702811b3966bd4687d9526b

SHA1
a1bf8c0e7c46551cb81eb7800c07a734ed45061f

SHA256
3dccb7d48714ede8db61234f33ba09b088a11e5102928432f2c0d59c9babfbdd

SHA512
56418a3037621132dec6865e88a7def8c31527ab0e79959fde4f83a34d36fd40812d77bd1f13c00fe976b9d674f50cfe2ed2a536f98091636efbedeee907894b

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
71d0c817d7cb734c38ebe11c265d8942

SHA1
906a7c9aeb406cfb959658c6810950ea2122619b

SHA256
8e18007334993d889c4e2fbeebc1b3925453e437b8dd9b43733ceda15f0da3d9

SHA512
73489736e4841a04cef6d605742db2a7bbb044f4a577e8980b5b1c1e26bb8249c329fd2ec010e3d016d5f4c1d87d1aee98843286e5b1d99e888cb084bac87a58

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
e1cacb9d12d5453fc17a35692339578b

SHA1
9aad4f09175cd6ec43065fedbbda14f373a7ebb8

SHA256
2d720acbc18be3d11317da04373ba13638f2b50162a853067c6384010eb7967d

SHA512
46aeec11e62c74d0f344e8a18e933f6c856623f81180395033367f8205e3a14d40cfdaa4e56751608e3c911b7e605223cf6554767952d25c1710a0da10509cd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
f912cb20199de2ca0e12f04152b69b09

SHA1
b2902f235ca71abe6f2cf2e5a9c1936cbbf3a4c2

SHA256
b0e88e07486c23e1a25f93c0dafc645151dffc929f0c1b3ffa57260545145778

SHA512
f0c284f85b1d68cb0e121830fe94d1a0cf3b7942faf99332a76a2f187052f1a0da38d63110972725ba3114b24ce4a265b329e19c6c5d9cefb2d0ec9273a15686

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
be7288992ffbc45a86fea98659562adb

SHA1
859174c76afafe0b922766cf0981a6902d0af632

SHA256
fa27b45c58cffc756ac3e8abe59bc864536d1b3a381df76b064b383030ab524e

SHA512
d73f01f478f6964253ab981f532950cafccc1f5e815d39a719d24a9b32572ca213fe28ed888c0cdff8117347e2c0bc3e7456b4e0c6aaeefdb49c0c08c9931017

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
01ba18fb9c9dbd50dc14025144c40876

SHA1
43f1068250550fc397cc2646ca5ec5a7d374b85a

SHA256
1fc095ff65c29652098bbe62dcda7568bcd2b9cd810fb693a681f7c9786b7aef

SHA512
bfafb1c68aa37a27400f893351f6fa245236843513e7812044c9c348184132e8b6b5236cc5f92ac72230b74725295251445c95ec01fd6eb8e0ac508cc9c48807

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
058f3beeb72ecac0f61257b59eb01693

SHA1
1435d9121a110cb9dd84053908c03c8321932568

SHA256
8eab56fe6923c775247b41bf7224610700cfcd69415f686093bbfa491bd96b4f

SHA512
4a23fc12e8e6e1985412826a72eb7794756ce7122d2c359a0de55f912488be415e349d936482da8f1ac99b98409e15882518360a80d9e0e430b1e21403712ca9

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
d66f14cbaad33337ebcd1e0f576a8112

SHA1
3cd89feae86cf9cc77883e2faa5ca75027ba299e

SHA256
e8316e81cf17c208bf41a6db2bc75915e3a9147a500fd0b1347c1251a9022830

SHA512
cb8bcd90631d69452113b021981c85e0a468ab4fcab5daff9df0e45fd335c0231a00ce06705f3829ae2933fd91b8926770f07e6580c1b5769502f9d440a99e32

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
5a0a59913ca65d87931dda883ae9d7e7

SHA1
0a0fa04dfb550bb934a7c2da37daa1a20e209d1a

SHA256
2c6a9c9e11248e2efbad3c1d7a88c9a92d81e7b3fbef64680516e7c5824d81a1

SHA512
75162db193c2c1b540098736ef6283efd0fa97485a4774c3bf245b061cf38996c61983d6e3806569dce8d0c78614319488d13776577d1f5bdb863ba414b292df

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
d66d231fea007ef59ea1d1ccfcbdb120

SHA1
638b6b897af1d1fb2a96b9821c070e8030201e19

SHA256
fe1632da428bad61282eecff9817f9bc0789245e907feaf4bd48f6d018d7050b

SHA512
79feae78d1da8976b7d8d2faf776d46bd1fc3d284611532f9a519a86fec5f664e1706cd2ea239d8673d359e51245584ecbe21ab02fe67ae5992c174b723b24d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
7d9ca3c58737609a396660a11536e3f6

SHA1
136a95765a2eb8c1d1147cda55077aa32a325c66

SHA256
629a6087dc175845dac0f7707338f37ee4b222f2b62a765dfffe2d03c0b76293

SHA512
0eab05756392ebf9176fa63a15168eb59e67e9913692ea97acb1b340b79fd597b9a507c08a26402834326a3630cb64e34e5dad1247b12c61c7e25265d211e695

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
3dac572426214b0043a7c2cc9c2dec46

SHA1
164260b6a26d1eb74452f24a4887bf062320c1d0

SHA256
a0557383326da0d0b548cfb32ebfd26f7037dfa387d4e6234001547436f36aca

SHA512
66ab92f271d6e5f25835b144412bec9f21a19dec0c83c6285c618745580b08816079c7f9722a90f18593869bae56f78ace42143100b26613d68c2098f92a0f37

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
c4af41ed4bd79e60b6a3cf1daecd1c3a

SHA1
7e93c80cf08a1beb21e4bae649aaca554e8c8519

SHA256
0ff9dab8f47cb6671d6076c0082606e61c83bcfb6d5e9505466d6ccc1898e2a9

SHA512
93f800d0467474a1c038a4734890fe31a0019fd6fdf8ba8a0ddb04d81af4c7f5ac0735b0dafc8f12d692c0dded45a355703ca41fa1bba97928c8b5b5980e831c

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
0835049fb7c3309cb69d058168ab623d

SHA1
32361c1ad5bec2e937ada49636fa2da8e1bdcd6e

SHA256
aef9e8f722e1984a20bcbe0f7bdc461af7a92c534e396b87ad1196e42ef70903

SHA512
18fbeb65c555563ca4186532658480b98f8d0a708012e8048e2277ff03eed278278ab16d2820c74ed47da712731c3bc495042f376cf5697c6922a98365ad3df9

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
d21e7c82ae9184347789d7272286820a

SHA1
832895b1d9ef1c37c0494eccab30840e308008a8

SHA256
7c91ccfdaf36f678be9a05f43aafaf24d8dea3e839cf4ea976022e62971ef7f4

SHA512
855a9730728ee21e7ea107b65db944e483a513fcf3beeaeff0637cd3b097b15c1c3a735b132f6f5bec30ffe1ea2cd95a05a7347c819d7876d032d8699028dee6

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
d621b664f5c2207e51302f0feab171e7

SHA1
ccdb4d3bf6a768aecd5ef31109123f67bbdbe236

SHA256
cb3f8f6cd56dd9c44a5d694dd86101c6036891fbbfa96e264500ba8074876578

SHA512
521ac7b1c615953fd5c8256428c9135c711c96c8353b4dd01939e38cb7c291a4dd00e14e31c4a22f0bd9f10ec592eb45ea72a95b8947bbd171e84cdff43ef9ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
a6805765f23394427b6ff0a0777ae215

SHA1
b6dee1fde2d49dec72d514f56372a0e9c1d9cf73

SHA256
6f6fa9ebd42348061aafdad47e930b49caf855dbf65fe8d534e47906c4122aa2

SHA512
63cfa05dd3f99ebc9174c95298b9a86db69d3c2728afb342584b49059f2432b5da879e1f86445af72bb3ed9b05495350c0b96095620e4a7d26e09f748012e326

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
c2e530003ff02ff8d8e0171cefd00828

SHA1
5f6b8f95ae83de0ae0380252dcb2456737399928

SHA256
f6c64fd59dfcbf32541bdb648f368d64d6539f20a3b108aa37764855f52baf31

SHA512
88eb09e23a9f5d5b9f9acd47090589493226e6a836698e2eb693a1839e4399aa24257a4ce1a540e4e854fe57c300feef8355f3009377c6f640e2052e43a7c2e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
d0450cf990bdbc26fd7900ff1e4e185c

SHA1
5fba185459a81b2eae151e08388060947c8ad1ab

SHA256
42632bc60ed30dad014ebcf1d20a2e55aaca025bd8569ce4818bdd025c5a8749

SHA512
427824d075dcce0ef716bd3ee9d8aee813f1cb7bec47f599ddba49ed888bedc7b9eea592b35e50609ec2d6a7683c83e806acf5279bd792bb73f7dff5bd1b0fe5

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
15345b6a5d69623eee2639e048275050

SHA1
eb19c0c45a62e1bcf430db3423d5420d88712b57

SHA256
e503553963670a53315f1406b7d9a9a69226146909de2cafe8efb8bacf890254

SHA512
a8f09ccbc33962a25a7d8cd7dd1b8ddfda4cfa836d5375853a66cdd8d1c77e342acce551cde9a8017c9247e24b0717a63e3be9f63c4a44b6403ce9827b8fbea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
385745fcf4ab01e7f47f9de6d15701df

SHA1
de9643fe822dfab425ce68873d639fbddf05ae74

SHA256
f7e06a6a4b0a1ee2c1052c406d3437fb28594c8bac251defae440d4afbf06cd9

SHA512
a48d7ed293947478293334833e624824457875f30ebb50dbcbeeb406c38e8f239c16c93304b2fe7a12bf83073ecae49272f766bc88fffbdca38d05401096981d

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
8585020b4fbd065f1f50f8e913b1d689

SHA1
05ca9784f1199acdfc050c925bb38655e3203b90

SHA256
4f64e08f6d11a9a18c2321571b7ba8b2045fcd68d068314158e165f4567c9d9b

SHA512
32ba39c3e689d5ea577d43e04ad6f1bc6ac4c3c498229471084f080c6d6ea27619101021b9a07576d70031e2470cbbc4a3336fc99444b6824c62e4976c90d75c

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
13c7f797423206522934584615330b2e

SHA1
e21f9fa6e356eb5c29d9667369a02474d6bd3f38

SHA256
650c0bf24d199c39193b7fb7944d3fbbd525f5c0452cf8dd9178ea7ec9f350ed

SHA512
87ae46a364375600edfb7e84b48164bee08eb7d674f75d259520bf03217309866ceaba21f4a9e76bb273d42403e31faf1356340940f026f0b05a9b6280850e34

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
a5ec80a43f99d06aa151a75b2203d32e

SHA1
ec28bec209eb2e2f9012c597d6b94d479bc570d8

SHA256
5f9286e2d8473b86ebc0e2efe9e3153a62657ec69cc7bde254667ae360e00fef

SHA512
8f8f6232b1788f34ca31c3245f4ea531cddf9936cd0060b35cac3f984d3afc92aa874b88ca181e9e7fac289866d0ebf4befad1b5efb063f5facb4af358acac9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
9854f1dfb29297e95408032a29972b51

SHA1
63f02d79d8c7c8749042f67f8faa65c8e5a48ac7

SHA256
ac9b2081b32e72329cf6fbc605e63a8c7f37a7bfd9b266088ecac67141dc1bbf

SHA512
07627ab4191d22e0a15d7e68f55c9022508a190109dc1b7090c1ed7ffdbd6b5a66d96a06394a3ef6f81f0ce80fe0b23d69ab8bff98c9d91c7622301b7eb6af92

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
0c83941c6cee772a5371a479ce0fa2ec

SHA1
dc4eb2d9718948f80919496bfaa2861232374e11

SHA256
2c7f33014b026cafc5d8e3938fc20bf31be2a95a212a101fb2336a33b15186bf

SHA512
65fba1d85d98cd68d3d79590a1a1614d279b48f921e32b7cb065a46cc670e10fb4ba28973c64602388a3cd740ddd7956a0e516e3cb38ba9d864ae9b76ed9e034

Download Submit
C:\Users\Admin\AppData\Local\Temp\d.jfm

Filesize
16KB

MD5
3305d02a107a8ae04e2cc8cd22b973b2

SHA1
d58fd18c6530617cee0b2181f1a68b804265ea7e

SHA256
b67d0b898b67b1c644796ceb69efdbfa8268c4638e45f55b32ae8994f31c3ea1

SHA512
1c760dd3192f880defcd778911c6c1f75daa19d94f78a736d5bd1e93913a389ba5fb57c59e059b7a353e72d7646c8e3bee8b2d9505ae7ef46c2f07ae64298e09

Download Submit
memory/2424-148-0x0000000004B80000-0x0000000004B88000-memory.dmp

Filesize
32KB

Download
memory/2424-21-0x0000000004D90000-0x0000000004D98000-memory.dmp

Filesize
32KB

Download
memory/2424-127-0x0000000004B80000-0x0000000004B88000-memory.dmp

Filesize
32KB

Download
memory/2424-25-0x0000000004DC0000-0x0000000004DC8000-memory.dmp

Filesize
32KB

Download
memory/2424-150-0x0000000004BB0000-0x0000000004BB8000-memory.dmp

Filesize
32KB

Download
memory/2424-126-0x00000000053A0000-0x00000000053A8000-memory.dmp

Filesize
32KB

Download
memory/2424-163-0x0000000004950000-0x0000000004958000-memory.dmp

Filesize
32KB

Download
memory/2424-171-0x0000000004BB0000-0x0000000004BB8000-memory.dmp

Filesize
32KB

Download
memory/2424-125-0x00000000053A0000-0x00000000053A8000-memory.dmp

Filesize
32KB

Download
memory/2424-124-0x0000000004C10000-0x0000000004C18000-memory.dmp

Filesize
32KB

Download
memory/2424-123-0x0000000004B70000-0x0000000004B78000-memory.dmp

Filesize
32KB

Download
memory/2424-122-0x00000000049F0000-0x00000000049F8000-memory.dmp

Filesize
32KB

Download
memory/2424-119-0x00000000049F0000-0x00000000049F8000-memory.dmp

Filesize
32KB

Download
memory/2424-111-0x0000000004950000-0x0000000004958000-memory.dmp

Filesize
32KB

Download
memory/2424-22-0x0000000004DB0000-0x0000000004DB8000-memory.dmp

Filesize
32KB

Download
memory/2424-140-0x0000000004950000-0x0000000004958000-memory.dmp

Filesize
32KB

Download
memory/2424-18-0x0000000004B10000-0x0000000004B18000-memory.dmp

Filesize
32KB

Download
memory/2424-16-0x0000000004A70000-0x0000000004A78000-memory.dmp

Filesize
32KB

Download
memory/2424-15-0x0000000004A50000-0x0000000004A58000-memory.dmp

Filesize
32KB

Download
memory/2424-110-0x0000000004930000-0x0000000004938000-memory.dmp

Filesize
32KB

Download
memory/2424-23-0x0000000005060000-0x0000000005068000-memory.dmp

Filesize
32KB

Download
memory/2424-71-0x0000000004DC0000-0x0000000004DC8000-memory.dmp

Filesize
32KB

Download
memory/2424-69-0x0000000004EF0000-0x0000000004EF8000-memory.dmp

Filesize
32KB

Download
memory/2424-8-0x0000000003F80000-0x0000000003F90000-memory.dmp

Filesize
64KB

Download
memory/2424-61-0x0000000004A70000-0x0000000004A78000-memory.dmp

Filesize
32KB

Download
memory/2424-2-0x0000000003E20000-0x0000000003E30000-memory.dmp

Filesize
64KB

Download
memory/2424-24-0x0000000004F60000-0x0000000004F68000-memory.dmp

Filesize
32KB

Download
memory/2424-48-0x0000000004EF0000-0x0000000004EF8000-memory.dmp

Filesize
32KB

Download
memory/2424-46-0x0000000004DC0000-0x0000000004DC8000-memory.dmp

Filesize
32KB

Download
memory/2424-38-0x0000000004A70000-0x0000000004A78000-memory.dmp

Filesize
32KB

Download