Analysis
-
max time kernel
148s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
26/03/2024, 09:18
General
-
Target
decffe124042575a9275b9a9ed5766f2.exe
-
Size
147KB
-
MD5
decffe124042575a9275b9a9ed5766f2
-
SHA1
cca125297b919c3acbd82b4578c8f7fa6e97c57a
-
SHA256
ea66282e565fcc7e50540527b56620da80e33c9a28efbb2c56543390ff3ec93e
-
SHA512
5ae779b5527989d302730cdd1c4edc7846418171b8b34371d2ea55563a960b8041a5589375ca97eb5f7bbfabb0d30ce9fc28d863160f3bea22675bba10249896
-
SSDEEP
3072:2VgHt8UDWHvkAU++6kjaXoVINNFlF1Uk86Icz2G1:2SVaHXK2XhLT
Score
9/10
Malware Config
Signatures
-
Nirsoft 1 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\decffe124042575a9275b9a9ed5766f2.exe"C:\Users\Admin\AppData\Local\Temp\decffe124042575a9275b9a9ed5766f2.exe"1⤵
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe1⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
248KB
-
Filesize
248KB