82124a1a1031c492b955125e0a17ed8ca233590a538ece164b088de9804ef54e

Analysis

max time kernel
151s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 15:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d66bd97a1aaff1dd5afba1b8f617cff7.exe
Size

222KB
MD5

d66bd97a1aaff1dd5afba1b8f617cff7
SHA1

1a00ea4cfc61e69154733853cbab317c61980f5c
SHA256

82124a1a1031c492b955125e0a17ed8ca233590a538ece164b088de9804ef54e
SHA512

574c42990ecfe881c55432e0cb3fd55c63de2fef1d0456982ed3768ba1a929b72761edc0257e89cdf9c9fb9cd758c0daf6f79e81c5894d1e6902109a6ff44217
SSDEEP

3072:CKiG5vJC0Q+A/y+8j8NaBrQIw3LTj6/ed7186o8A3l1RLnYT0wOBZICg7n6FZpof:tiGVJ15+W8cYyU71zo8A3l1RnpkCgDS

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4284	d66bd97a1aaff1dd5afba1b8f617cff7.exe
4284	d66bd97a1aaff1dd5afba1b8f617cff7.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4284	d66bd97a1aaff1dd5afba1b8f617cff7.exe

C:\Users\Admin\AppData\Local\Temp\d66bd97a1aaff1dd5afba1b8f617cff7.exe
"C:\Users\Admin\AppData\Local\Temp\d66bd97a1aaff1dd5afba1b8f617cff7.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3732 --field-trial-handle=3016,i,1323102786462900035,7687994236215859601,262144 --variations-seed-version /prefetch:8
1⤵
PID:1768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmp74B5.tmp

Filesize
253KB

MD5
7456ddc96a1d4d8b74a7196bcc1e41af

SHA1
fbed49e29cfe75891b9c2b8c1a87321d445377e4

SHA256
98f41504864178c0d59c6e9db801f9cccb2c43ea2e08b16a6626c8887a9c17a9

SHA512
4f0be4ff9a14b75801feb443780734684d4828c772e7efc26cf754ee5d3d935c034ccfcf0957b962dc6a056ffe2586e9ab7866b137a7abc42a4d58c3c141c939

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp74F6.tmp

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp753B.tmp

Filesize
92KB

MD5
fbe4c51ee21cb3ec2e3c7698c9f7bdb0

SHA1
22f78716f3ab309bb89a86dc7f2f4f71f05e5aae

SHA256
fd94eefb6e43f441bc8daafd21b51612016a8baecf93a088e91e4e3b6c0b36d0

SHA512
6185afbbb674c2dad6a737fff3e7283633595bb8aea200b1312a98967060f3e3bd93c2f51116ce5350de6d9abd78c0de8aeb31706b85e793e00e104a08353278

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp767F.tmp

Filesize
36KB

MD5
97fbd47e0aeb031b70525fb44a618db2

SHA1
32bed953b03263c24e5b76dcef1d4599acf4055d

SHA256
66ebebef04e9b34a831d02f192a7bdc2a4336e93a8e2752c1bdd6515fae980e3

SHA512
b96226a759b79863e9e88fcbcc89de90de9c437d41d83195b8b0d136f4b1f6919b99563799216add0f4f16130ea50a544d06e7bd24c5dbfaca8a8f743291a41a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp76A1.tmp

Filesize
56KB

MD5
d444c807029c83b8a892ac0c4971f955

SHA1
fa58ce7588513519dc8fed939b26b05dc25e53b5

SHA256
8297a7698f19bb81539a18363db100c55e357fa73f773c2b883d2c4161f6a259

SHA512
b7958b843639d4223bef65cdc6c664d7d15b76ac4e0a8b1575201dd47a32899feff32389dcc047314f47944ebe7b774cd59e51d49202f49541bbd70ecbb31a2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp76C6.tmp

Filesize
220KB

MD5
8bd3bdc420eb48a36a2d4c0fda765e3e

SHA1
fbb91327ad632f188c1c00a71a6db8f5f93c43ff

SHA256
f2f7d8f96fb6a0d5e78975e6712fdc8f6d2bcdbdbb096c14d041d8cd0c87eb9a

SHA512
8b205590b8293f0c3981526a2f9e774aa9901e2edeb86cce8e7eb1c0f11cafa9f80a788c2e4c247f66682f41e2333dae3208fee1fc990b999868c257999f7538

Download Submit
memory/4284-3-0x00000000021C0000-0x00000000021FC000-memory.dmp

Filesize
240KB

Download
memory/4284-9-0x000000001AFD0000-0x000000001AFE0000-memory.dmp

Filesize
64KB

Download
memory/4284-8-0x000000001B8B0000-0x000000001BDD8000-memory.dmp

Filesize
5.2MB

Download
memory/4284-7-0x000000001B1B0000-0x000000001B372000-memory.dmp

Filesize
1.8MB

Download
memory/4284-4-0x0000000002200000-0x0000000002206000-memory.dmp

Filesize
24KB

Download
memory/4284-0-0x0000000000120000-0x0000000000160000-memory.dmp

Filesize
256KB

Download
memory/4284-2-0x00007FFE22A60000-0x00007FFE23521000-memory.dmp

Filesize
10.8MB

Download
memory/4284-1-0x00000000008C0000-0x00000000008C6000-memory.dmp

Filesize
24KB

Download
memory/4284-224-0x00007FFE22A60000-0x00007FFE23521000-memory.dmp

Filesize
10.8MB

Download