Analysis
-
max time kernel
91s -
max time network
129s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
25-03-2024 20:54
General
-
Target
d_win.exe
-
Size
68KB
-
MD5
ca8dcb4c02f5b3b09b0bc49452f05bd6
-
SHA1
0e0001da7e198da8e3e82252d5414dbcb8bee9d1
-
SHA256
eb22f22fedb24ef3d06d2ba6ac9bc53528f8d1e489fefeac9501b926a0be6097
-
SHA512
9221c98a0ad3179725fd66de3fcfbc0f97af300431d82645ee0b9d8e16a756b7881a91f661a569156bf0d5984e54703d513d753329bffd382327cc7a194ffc48
-
SSDEEP
1536:yHjUeTD0DsbEmDx1xhiBsrQLOJgY8ZZP8LHD4XWaNH71dLdG1iiFM2iG2hyqM8EQ:yDUeTD0gbrDx1xusrQLOJgY8Zp8LHD4D
Score
7/10
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Processes
-
C:\Users\Admin\AppData\Local\Temp\d_win.exe"C:\Users\Admin\AppData\Local\Temp\d_win.exe"1⤵
- Enumerates connected drives