Analysis
max time kernel: 145s
max time network: 156s
platform: windows11-21h2_x64
resource: win11-20240221-en
resource tags: arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 19-03-2024 18:47
Behavioral task
behavioral1
Sample: 4ebe4e62066ac10efc23e7b63e421cc153b426e036309dbf99e4a4aa97122782.exe
Resource: win10v2004-20240226-en
General
Target: 4ebe4e62066ac10efc23e7b63e421cc153b426e036309dbf99e4a4aa97122782.exe
Size: 316KB
MD5: cd4121ea74cbd684bdf3a08c0aaf54a4
SHA1: ee87db3dd134332b815d17d717b1ed36939dfa35
SHA256: 4ebe4e62066ac10efc23e7b63e421cc153b426e036309dbf99e4a4aa97122782
SHA512: af2b1ee11be992295a932fb6bf6221a077c33823367e5f26aa7b4f9bdd573482a67b2dab90cc778096cd57bf5892adc0678d23fe73de39c29f9377b1835ca100
SSDEEP: 6144:oIh0zAu3vOiefUQH3PDKcL90ICtZRIfNJcqTJt2e83Kvixc9Ai2kNND80:o+0cu3vOiX0qIsZRIfjcqdt2e83KSC5N
Malware Config
Signatures
Reads user/profile data of local email clients (2 TTPs)
Email clients store some user data on disk, where infostealers often target it.
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.
Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoC)
Calling NtSetInformationThread with the ThreadHideFromDebugger class stops a debugger from receiving events for that thread, a common anti-analysis measure.
Processes:
pid   process
3656  4ebe4e62066ac10efc23e7b63e421cc153b426e036309dbf99e4a4aa97122782.exe
Suspicious use of AdjustPrivilegeToken (1 IoC)
SeLoadDriverPrivilege is required to load a kernel driver; a user-mode stealer enabling it is worth noting, although some samples simply enable every privilege present in the token.
Processes:
description                    pid   process
Token: SeLoadDriverPrivilege   3656  4ebe4e62066ac10efc23e7b63e421cc153b426e036309dbf99e4a4aa97122782.exe
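The signatures above are behavioural rules evaluated against the API calls the sandbox monitor recorded for the process. The following Python matcher is an added example, not the sandbox's own rule engine and not code from this report: it applies an approximation of each of the six rules to a constructed API trace for PID 3656. The ThreadHideFromDebugger information-class value (0x11) is the documented one; the API names, registry path, artefact file patterns and privilege names the rules match on are assumptions made for the illustration.

```python
"""Toy signature matcher for a sandbox API trace (added example, not the sandbox's code).

Each event is a dict with the monitored API name, the calling pid and the
captured arguments.  The rules approximate the six signatures in the report;
the matched paths, API names and privilege list are assumptions.
"""
import re

THREAD_HIDE_FROM_DEBUGGER = 0x11  # ThreadInformationClass value for NtSetInformationThread

UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall", re.I)

# Assumed artefact locations (constructed for the example, not taken from the report).
BROWSER_FILES = re.compile(r"\\(Login Data|Web Data|Cookies|logins\.json|key4\.db)$", re.I)
EMAIL_PATHS = re.compile(r"\\(Thunderbird\\Profiles|Microsoft\\Outlook)\\", re.I)
WALLET_PATHS = re.compile(r"\\(wallet\.dat$|Exodus\\|Electrum\\wallets\\)", re.I)

# Privileges worth flagging when a user-mode sample enables them (assumed list).
NOTABLE_PRIVILEGES = {"SeLoadDriverPrivilege", "SeDebugPrivilege"}


def rule_hide_from_debugger(ev):
    return (ev["api"] == "NtSetInformationThread"
            and ev["args"].get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER)


def rule_adjust_privilege(ev):
    return (ev["api"] in ("AdjustTokenPrivileges", "RtlAdjustPrivilege")
            and ev["args"].get("Privilege") in NOTABLE_PRIVILEGES)


def rule_installed_software(ev):
    return ((ev["api"].startswith("RegOpenKey") or ev["api"].startswith("RegEnumKey"))
            and bool(UNINSTALL_KEY.search(ev["args"].get("Key", ""))))


def _reads_path(ev, pattern):
    return (ev["api"] in ("NtCreateFile", "NtOpenFile", "CreateFileW")
            and bool(pattern.search(ev["args"].get("FileName", ""))))


RULES = {
    "Reads user/profile data of local email clients": lambda ev: _reads_path(ev, EMAIL_PATHS),
    "Reads user/profile data of web browsers": lambda ev: _reads_path(ev, BROWSER_FILES),
    "Accesses cryptocurrency files/wallets, possible credential harvesting": lambda ev: _reads_path(ev, WALLET_PATHS),
    "Checks installed software on the system": rule_installed_software,
    "Suspicious use of NtSetInformationThreadHideFromDebugger": rule_hide_from_debugger,
    "Suspicious use of AdjustPrivilegeToken": rule_adjust_privilege,
}


def match_signatures(events):
    """Return {signature: [(pid, evidence), ...]} for every rule that fired."""
    hits = {}
    for ev in events:
        for name, rule in RULES.items():
            if rule(ev):
                args = ev["args"]
                evidence = (args.get("FileName") or args.get("Key") or args.get("Privilege")
                            or hex(args.get("ThreadInformationClass", 0)))
                hits.setdefault(name, []).append((ev["pid"], evidence))
    return hits


# Constructed trace standing in for a monitor log of pid 3656; not from the report.
SAMPLE_TRACE = [
    {"pid": 3656, "api": "NtSetInformationThread", "args": {"ThreadInformationClass": 0x11}},
    {"pid": 3656, "api": "AdjustTokenPrivileges", "args": {"Privilege": "SeLoadDriverPrivilege"}},
    {"pid": 3656, "api": "RegOpenKeyExW", "args": {"Key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"}},
    {"pid": 3656, "api": "NtCreateFile", "args": {"FileName": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"}},
    {"pid": 3656, "api": "NtCreateFile", "args": {"FileName": r"C:\Users\Admin\AppData\Roaming\Thunderbird\Profiles\abc.default\abook.sqlite"}},
    {"pid": 3656, "api": "NtCreateFile", "args": {"FileName": r"C:\Users\Admin\AppData\Roaming\Exodus\exodus.wallet\seed.seco"}},
    {"pid": 3656, "api": "NtCreateFile", "args": {"FileName": r"C:\Windows\System32\kernel32.dll"}},  # benign, must not fire
    {"pid": 3656, "api": "NtSetInformationThread", "args": {"ThreadInformationClass": 0x2}},  # ThreadPriority, must not fire
]

if __name__ == "__main__":
    for sig, evidence in match_signatures(SAMPLE_TRACE).items():
        print(f"{sig}: {evidence}")
```

Matching on the information-class constant rather than the API name alone is what keeps the anti-debug rule from firing on the many benign NtSetInformationThread calls (priority, affinity, impersonation) a normal process makes; the same goes for checking the specific privilege name rather than any AdjustTokenPrivileges call.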
Processes
C:\Users\Admin\AppData\Local\Temp\4ebe4e62066ac10efc23e7b63e421cc153b426e036309dbf99e4a4aa97122782.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\4ebe4e62066ac10efc23e7b63e421cc153b426e036309dbf99e4a4aa97122782.exe"
PID: 3656
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken