Analysis

max time kernel: 162s
max time network: 169s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/03/2024, 19:36

Static task: static1
Behavioral task: behavioral1
Sample: 401c443e691b39e3e63d43b45f5a30b36033edd23282589946e2fc14598156a2.exe
Resource: win7-20240221-en
General

Target: 401c443e691b39e3e63d43b45f5a30b36033edd23282589946e2fc14598156a2.exe
Size: 3.8MB
MD5: 3a30def6c4e65b6313916965985ee60f
SHA1: 9d30881960758dd82ee1af383dd931cec5e5dfd7
SHA256: 401c443e691b39e3e63d43b45f5a30b36033edd23282589946e2fc14598156a2
SHA512: 6ad563ebccdcb6d9d1e3c9f585531d8346defdb7500e537e28a7db1c85907fc43638c6f33c89e7f969b2b618899746331602da996b945e9700a85e733a817155
SSDEEP: 98304:JOwS+IkEaXDK9jRPqFlbh7GS1IAPpOEWbaMP2yoF:ghk891PqFF7rPp2syoF
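Before pivoting on anything in this report, confirm that the file in hand is the sample that was analysed: recompute the digests listed above and compare them, and check that the filename (the sample is named by its SHA256) agrees with the content. The script below is an added example, not part of the sandbox report; it uses only Python's standard library, the four digest values are copied from the General section, and the helper names are mine. SSDEEP is not covered because it needs a third-party library.

```python
"""Verify a local file against the digests published in the sandbox report."""
import hashlib
import sys
from pathlib import Path

# Digest values copied verbatim from the report's General section.
REPORT_DIGESTS = {
    "md5": "3a30def6c4e65b6313916965985ee60f",
    "sha1": "9d30881960758dd82ee1af383dd931cec5e5dfd7",
    "sha256": "401c443e691b39e3e63d43b45f5a30b36033edd23282589946e2fc14598156a2",
    "sha512": (
        "6ad563ebccdcb6d9d1e3c9f585531d8346defdb7500e537e28a7db1c85907fc4"
        "3638c6f33c89e7f969b2b618899746331602da996b945e9700a85e733a817155"
    ),
}


def digest_bytes(data: bytes) -> dict[str, str]:
    """Compute every digest named in REPORT_DIGESTS over an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_DIGESTS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict[str, str]:
    """Stream a file through all four hashers at once (the sample is 3.8MB,
    but this also handles much larger artefacts without reading them whole)."""
    hashers = {name: hashlib.new(name) for name in REPORT_DIGESTS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(observed: dict[str, str], expected: dict[str, str] = REPORT_DIGESTS) -> dict[str, bool]:
    """Per-algorithm match table; comparison is case-insensitive on hex."""
    return {
        name: observed.get(name, "").lower() == value.lower()
        for name, value in expected.items()
    }


def name_matches_content(path: str, observed: dict[str, str]) -> bool:
    """The report names the sample <sha256>.exe; a renamed or truncated copy
    will fail this even when the digests still match."""
    return Path(path).stem.lower() == observed["sha256"].lower()


def verify_sample(path: str) -> dict:
    """Full check for a file on disk: digests, per-algorithm matches, name check."""
    observed = digest_file(path)
    matches = compare(observed)
    return {
        "observed": observed,
        "matches": matches,
        "all_match": all(matches.values()),
        "name_matches_content": name_matches_content(path, observed),
    }


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-suspected-sample>
    result = verify_sample(sys.argv[1])
    for algo, ok in result["matches"].items():
        print(f"{algo:7s} {'OK ' if ok else 'BAD'} {result['observed'][algo]}")
    print("filename matches SHA256:", result["name_matches_content"])
    sys.exit(0 if result["all_match"] else 1)
```

A partial match (say MD5 and SHA1 agree but SHA256 does not) should be treated as a mismatch, not a near hit; the script's exit status reflects only an all-algorithms match.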
Malware Config
Signatures
Checks computer location settings (2 TTPs, 1 IoC)
Looks up the country code configured in the registry, likely a geofence.
description: Key value queried
ioc: \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation
Process: 401c443e691b39e3e63d43b45f5a30b36033edd23282589946e2fc14598156a2.exe

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials.

Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid: 3316, Process: 401c443e691b39e3e63d43b45f5a30b36033edd23282589946e2fc14598156a2.exe (2 occurrences)

Suspicious use of AdjustPrivilegeToken (1 IoC)
description: Token: SeDebugPrivilege
pid: 3316
Process: 401c443e691b39e3e63d43b45f5a30b36033edd23282589946e2fc14598156a2.exe

Suspicious use of SetWindowsHookEx (10 IoCs)
pid: 3316, Process: 401c443e691b39e3e63d43b45f5a30b36033edd23282589946e2fc14598156a2.exe (10 occurrences)
Processes

C:\Users\Admin\AppData\Local\Temp\401c443e691b39e3e63d43b45f5a30b36033edd23282589946e2fc14598156a2.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\401c443e691b39e3e63d43b45f5a30b36033edd23282589946e2fc14598156a2.exe"
PID: 3316
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx