be7f9c6015c1bfff3173610ee1585d7d30df70c84c951b1ea429d7c004cad243

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
06/04/2024, 11:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

BleachBit-Portable/bleachbit.exe
Size

39KB
MD5

5b00e9f5daa52e101d49b05f263f34cd
SHA1

e9abf8544fcd5083c68d45e24253805f2a21f1f4
SHA256

9d87edf4e1fe91ea98d45bd867071c826407b79ab013017e68b11f8bae37aa46
SHA512

643445b2bc1caf8ff18a5be2382a206566aca20f472a7c3e68e8c13bcfed66db8a9d3f11bcf9efc2f47e199265c4493eafdeb549942d13d9e9b2bdbb2ecb00ba
SSDEEP

192:yfQG9DrqrcQf7iUiEaux1Yx/CUnSrXca31vbpKbcOF918avi22MwftaRR1s37cU:NG1ercMHiENYB/KXxFv8bHgfERRm3V

Score

7^/10

spyware stealer upx

Malware Config

Signatures

Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral13/memory/2488-0-0x0000000000400000-0x0000000000419000-memory.dmp	upx
behavioral13/memory/2488-1-0x000000001E000000-0x000000001E24F000-memory.dmp	upx
behavioral13/memory/2488-2-0x00000000685C0000-0x00000000686D8000-memory.dmp	upx
behavioral13/memory/2488-6-0x0000000068DC0000-0x0000000068DEA000-memory.dmp	upx
behavioral13/memory/2488-7-0x0000000064740000-0x0000000064940000-memory.dmp	upx
behavioral13/memory/2488-5-0x000000006A900000-0x000000006A91A000-memory.dmp	upx
behavioral13/memory/2488-4-0x0000000065C40000-0x0000000065C51000-memory.dmp	upx
behavioral13/memory/2488-3-0x000000006A300000-0x000000006A327000-memory.dmp	upx
behavioral13/memory/2488-8-0x0000000002600000-0x00000000026FE000-memory.dmp	upx
behavioral13/memory/2488-9-0x000000006A800000-0x000000006A87E000-memory.dmp	upx
behavioral13/memory/2488-11-0x0000000068F40000-0x0000000068F67000-memory.dmp	upx
behavioral13/memory/2488-16-0x000000006D4C0000-0x000000006D4D7000-memory.dmp	upx
behavioral13/memory/2488-15-0x000000006DD00000-0x000000006DD10000-memory.dmp	upx
behavioral13/memory/2488-14-0x0000000065340000-0x000000006537C000-memory.dmp	upx
behavioral13/memory/2488-13-0x000000006C340000-0x000000006C405000-memory.dmp	upx
behavioral13/memory/2488-18-0x000000006B280000-0x000000006B29A000-memory.dmp	upx
behavioral13/memory/2488-20-0x0000000061A00000-0x0000000061A38000-memory.dmp	upx
behavioral13/memory/2488-19-0x0000000063A40000-0x0000000063A92000-memory.dmp	upx
behavioral13/memory/2488-17-0x000000006D700000-0x000000006D742000-memory.dmp	upx
behavioral13/memory/2488-12-0x0000000062E80000-0x0000000062EA2000-memory.dmp	upx
behavioral13/memory/2488-22-0x0000000065580000-0x00000000655C9000-memory.dmp	upx
behavioral13/memory/2488-21-0x000000006D580000-0x000000006D661000-memory.dmp	upx
behavioral13/memory/2488-10-0x0000000064F80000-0x0000000064FBE000-memory.dmp	upx
behavioral13/memory/2488-23-0x0000000002700000-0x0000000002AF6000-memory.dmp	upx
behavioral13/memory/2488-24-0x0000000062940000-0x0000000062966000-memory.dmp	upx
behavioral13/memory/2488-28-0x0000000065880000-0x00000000658A8000-memory.dmp	upx
behavioral13/memory/2488-29-0x0000000061DC0000-0x0000000061DCF000-memory.dmp	upx
behavioral13/memory/2488-27-0x0000000068180000-0x00000000681C0000-memory.dmp	upx
behavioral13/memory/2488-26-0x000000006B8C0000-0x000000006B912000-memory.dmp	upx
behavioral13/memory/2488-25-0x00000000002A0000-0x00000000002BD000-memory.dmp	upx
behavioral13/memory/2488-30-0x000000001E8C0000-0x000000001E8E0000-memory.dmp	upx
behavioral13/memory/2488-31-0x000000001E7A0000-0x000000001E7C7000-memory.dmp	upx
behavioral13/memory/2488-33-0x0000000010000000-0x000000001004F000-memory.dmp	upx
behavioral13/memory/2488-34-0x0000000000400000-0x0000000000419000-memory.dmp	upx
behavioral13/memory/2488-35-0x000000001E000000-0x000000001E24F000-memory.dmp	upx
behavioral13/memory/2488-32-0x00000000033C0000-0x000000000342D000-memory.dmp	upx
behavioral13/memory/2488-37-0x000000001E800000-0x000000001E84E000-memory.dmp	upx
behavioral13/memory/2488-36-0x00000000685C0000-0x00000000686D8000-memory.dmp	upx
behavioral13/memory/2488-42-0x0000000068DC0000-0x0000000068DEA000-memory.dmp	upx
behavioral13/memory/2488-54-0x0000000002600000-0x00000000026FE000-memory.dmp	upx
behavioral13/memory/2488-56-0x000000006C340000-0x000000006C405000-memory.dmp	upx
behavioral13/memory/2488-59-0x000000006A900000-0x000000006A91A000-memory.dmp	upx
behavioral13/memory/2488-61-0x000000001EA40000-0x000000001EA72000-memory.dmp	upx
behavioral13/memory/2488-63-0x0000000068F40000-0x0000000068F67000-memory.dmp	upx
behavioral13/memory/2488-70-0x000000006B280000-0x000000006B29A000-memory.dmp	upx
behavioral13/memory/2488-69-0x000000006D700000-0x000000006D742000-memory.dmp	upx
behavioral13/memory/2488-74-0x0000000065580000-0x00000000655C9000-memory.dmp	upx
behavioral13/memory/2488-73-0x0000000061A00000-0x0000000061A38000-memory.dmp	upx
behavioral13/memory/2488-72-0x0000000063A40000-0x0000000063A92000-memory.dmp	upx
behavioral13/memory/2488-71-0x000000006D580000-0x000000006D661000-memory.dmp	upx
behavioral13/memory/2488-68-0x000000006D4C0000-0x000000006D4D7000-memory.dmp	upx
behavioral13/memory/2488-67-0x000000006DD00000-0x000000006DD10000-memory.dmp	upx
behavioral13/memory/2488-66-0x000000001EBF0000-0x000000001EC00000-memory.dmp	upx
behavioral13/memory/2488-65-0x0000000065340000-0x000000006537C000-memory.dmp	upx
behavioral13/memory/2488-64-0x0000000062E80000-0x0000000062EA2000-memory.dmp	upx
behavioral13/memory/2488-62-0x0000000064F80000-0x0000000064FBE000-memory.dmp	upx
behavioral13/memory/2488-58-0x0000000003570000-0x000000000357F000-memory.dmp	upx
behavioral13/memory/2488-57-0x000000001D1A0000-0x000000001D1B9000-memory.dmp	upx
behavioral13/memory/2488-55-0x000000006A800000-0x000000006A87E000-memory.dmp	upx
behavioral13/memory/2488-43-0x0000000064740000-0x0000000064940000-memory.dmp	upx
behavioral13/memory/2488-41-0x0000000002C90000-0x0000000002CA5000-memory.dmp	upx
behavioral13/memory/2488-40-0x0000000065C40000-0x0000000065C51000-memory.dmp	upx
behavioral13/memory/2488-39-0x000000006A300000-0x000000006A327000-memory.dmp	upx
behavioral13/memory/2488-38-0x000000001EA10000-0x000000001EA35000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\BleachBit-Portable\bleachbit.exe
"C:\Users\Admin\AppData\Local\Temp\BleachBit-Portable\bleachbit.exe"
1⤵
PID:2488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\BleachBit-Portable\BleachBit.ini

Filesize
265B

MD5
19bd06917e7e0bd0a955b404460ccd23

SHA1
bf97f9991394fc3ca9bde9a7b598ef9f847a1d1d

SHA256
c255b17a6eef269f8011f69724927941d343b2b433489130ec45c564dad70fcc

SHA512
fe7b039e0bce6887b787005a22a556d359b836184b8c2c37da95dbfd95d8e1624b08a2861ac402c8d58006971bde578df9e7e8b9ff84d5c84f5735b9f16316fd

Download Submit
memory/2488-0-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2488-1-0x000000001E000000-0x000000001E24F000-memory.dmp

Filesize
2.3MB

Download
memory/2488-2-0x00000000685C0000-0x00000000686D8000-memory.dmp

Filesize
1.1MB

Download
memory/2488-6-0x0000000068DC0000-0x0000000068DEA000-memory.dmp

Filesize
168KB

Download
memory/2488-7-0x0000000064740000-0x0000000064940000-memory.dmp

Filesize
2.0MB

Download
memory/2488-5-0x000000006A900000-0x000000006A91A000-memory.dmp

Filesize
104KB

Download
memory/2488-4-0x0000000065C40000-0x0000000065C51000-memory.dmp

Filesize
68KB

Download
memory/2488-3-0x000000006A300000-0x000000006A327000-memory.dmp

Filesize
156KB

Download
memory/2488-8-0x0000000002600000-0x00000000026FE000-memory.dmp

Filesize
1016KB

Download
memory/2488-9-0x000000006A800000-0x000000006A87E000-memory.dmp

Filesize
504KB

Download
memory/2488-11-0x0000000068F40000-0x0000000068F67000-memory.dmp

Filesize
156KB

Download
memory/2488-16-0x000000006D4C0000-0x000000006D4D7000-memory.dmp

Filesize
92KB

Download
memory/2488-15-0x000000006DD00000-0x000000006DD10000-memory.dmp

Filesize
64KB

Download
memory/2488-14-0x0000000065340000-0x000000006537C000-memory.dmp

Filesize
240KB

Download
memory/2488-13-0x000000006C340000-0x000000006C405000-memory.dmp

Filesize
788KB

Download
memory/2488-18-0x000000006B280000-0x000000006B29A000-memory.dmp

Filesize
104KB

Download
memory/2488-20-0x0000000061A00000-0x0000000061A38000-memory.dmp

Filesize
224KB

Download
memory/2488-19-0x0000000063A40000-0x0000000063A92000-memory.dmp

Filesize
328KB

Download
memory/2488-17-0x000000006D700000-0x000000006D742000-memory.dmp

Filesize
264KB

Download
memory/2488-12-0x0000000062E80000-0x0000000062EA2000-memory.dmp

Filesize
136KB

Download
memory/2488-22-0x0000000065580000-0x00000000655C9000-memory.dmp

Filesize
292KB

Download
memory/2488-21-0x000000006D580000-0x000000006D661000-memory.dmp

Filesize
900KB

Download
memory/2488-10-0x0000000064F80000-0x0000000064FBE000-memory.dmp

Filesize
248KB

Download
memory/2488-23-0x0000000002700000-0x0000000002AF6000-memory.dmp

Filesize
4.0MB

Download
memory/2488-24-0x0000000062940000-0x0000000062966000-memory.dmp

Filesize
152KB

Download
memory/2488-28-0x0000000065880000-0x00000000658A8000-memory.dmp

Filesize
160KB

Download
memory/2488-29-0x0000000061DC0000-0x0000000061DCF000-memory.dmp

Filesize
60KB

Download
memory/2488-27-0x0000000068180000-0x00000000681C0000-memory.dmp

Filesize
256KB

Download
memory/2488-26-0x000000006B8C0000-0x000000006B912000-memory.dmp

Filesize
328KB

Download
memory/2488-25-0x00000000002A0000-0x00000000002BD000-memory.dmp

Filesize
116KB

Download
memory/2488-30-0x000000001E8C0000-0x000000001E8E0000-memory.dmp

Filesize
128KB

Download
memory/2488-31-0x000000001E7A0000-0x000000001E7C7000-memory.dmp

Filesize
156KB

Download
memory/2488-33-0x0000000010000000-0x000000001004F000-memory.dmp

Filesize
316KB

Download
memory/2488-34-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2488-35-0x000000001E000000-0x000000001E24F000-memory.dmp

Filesize
2.3MB

Download
memory/2488-32-0x00000000033C0000-0x000000000342D000-memory.dmp

Filesize
436KB

Download
memory/2488-37-0x000000001E800000-0x000000001E84E000-memory.dmp

Filesize
312KB

Download
memory/2488-36-0x00000000685C0000-0x00000000686D8000-memory.dmp

Filesize
1.1MB

Download
memory/2488-42-0x0000000068DC0000-0x0000000068DEA000-memory.dmp

Filesize
168KB

Download
memory/2488-54-0x0000000002600000-0x00000000026FE000-memory.dmp

Filesize
1016KB

Download
memory/2488-56-0x000000006C340000-0x000000006C405000-memory.dmp

Filesize
788KB

Download
memory/2488-59-0x000000006A900000-0x000000006A91A000-memory.dmp

Filesize
104KB

Download
memory/2488-61-0x000000001EA40000-0x000000001EA72000-memory.dmp

Filesize
200KB

Download
memory/2488-63-0x0000000068F40000-0x0000000068F67000-memory.dmp

Filesize
156KB

Download
memory/2488-70-0x000000006B280000-0x000000006B29A000-memory.dmp

Filesize
104KB

Download
memory/2488-69-0x000000006D700000-0x000000006D742000-memory.dmp

Filesize
264KB

Download
memory/2488-74-0x0000000065580000-0x00000000655C9000-memory.dmp

Filesize
292KB

Download
memory/2488-73-0x0000000061A00000-0x0000000061A38000-memory.dmp

Filesize
224KB

Download
memory/2488-72-0x0000000063A40000-0x0000000063A92000-memory.dmp

Filesize
328KB

Download
memory/2488-71-0x000000006D580000-0x000000006D661000-memory.dmp

Filesize
900KB

Download
memory/2488-68-0x000000006D4C0000-0x000000006D4D7000-memory.dmp

Filesize
92KB

Download
memory/2488-67-0x000000006DD00000-0x000000006DD10000-memory.dmp

Filesize
64KB

Download
memory/2488-66-0x000000001EBF0000-0x000000001EC00000-memory.dmp

Filesize
64KB

Download
memory/2488-65-0x0000000065340000-0x000000006537C000-memory.dmp

Filesize
240KB

Download
memory/2488-64-0x0000000062E80000-0x0000000062EA2000-memory.dmp

Filesize
136KB

Download
memory/2488-62-0x0000000064F80000-0x0000000064FBE000-memory.dmp

Filesize
248KB

Download
memory/2488-58-0x0000000003570000-0x000000000357F000-memory.dmp

Filesize
60KB

Download
memory/2488-57-0x000000001D1A0000-0x000000001D1B9000-memory.dmp

Filesize
100KB

Download
memory/2488-55-0x000000006A800000-0x000000006A87E000-memory.dmp

Filesize
504KB

Download
memory/2488-43-0x0000000064740000-0x0000000064940000-memory.dmp

Filesize
2.0MB

Download
memory/2488-41-0x0000000002C90000-0x0000000002CA5000-memory.dmp

Filesize
84KB

Download
memory/2488-40-0x0000000065C40000-0x0000000065C51000-memory.dmp

Filesize
68KB

Download
memory/2488-39-0x000000006A300000-0x000000006A327000-memory.dmp

Filesize
156KB

Download
memory/2488-38-0x000000001EA10000-0x000000001EA35000-memory.dmp

Filesize
148KB

Download
memory/2488-82-0x000000001E000000-0x000000001E24F000-memory.dmp

Filesize
2.3MB

Download
memory/2488-83-0x000000006A900000-0x000000006A91A000-memory.dmp

Filesize
104KB

Download
memory/2488-84-0x00000000685C0000-0x00000000686D8000-memory.dmp

Filesize
1.1MB

Download
memory/2488-85-0x000000006A300000-0x000000006A327000-memory.dmp

Filesize
156KB

Download
memory/2488-87-0x0000000068DC0000-0x0000000068DEA000-memory.dmp

Filesize
168KB

Download
memory/2488-88-0x0000000063A40000-0x0000000063A92000-memory.dmp

Filesize
328KB

Download
memory/2488-89-0x0000000064740000-0x0000000064940000-memory.dmp

Filesize
2.0MB

Download
memory/2488-90-0x0000000002600000-0x00000000026FE000-memory.dmp

Filesize
1016KB

Download
memory/2488-101-0x000000006D4C0000-0x000000006D4D7000-memory.dmp

Filesize
92KB

Download
memory/2488-100-0x0000000065580000-0x00000000655C9000-memory.dmp

Filesize
292KB

Download
memory/2488-99-0x000000006DD00000-0x000000006DD10000-memory.dmp

Filesize
64KB

Download
memory/2488-103-0x000000006B280000-0x000000006B29A000-memory.dmp

Filesize
104KB

Download
memory/2488-97-0x0000000065340000-0x000000006537C000-memory.dmp

Filesize
240KB

Download
memory/2488-104-0x0000000002700000-0x0000000002AF6000-memory.dmp

Filesize
4.0MB

Download
memory/2488-96-0x000000006C340000-0x000000006C405000-memory.dmp

Filesize
788KB

Download
memory/2488-111-0x000000001E8C0000-0x000000001E8E0000-memory.dmp

Filesize
128KB

Download
memory/2488-113-0x00000000033C0000-0x000000000342D000-memory.dmp

Filesize
436KB

Download
memory/2488-115-0x0000000010000000-0x000000001004F000-memory.dmp

Filesize
316KB

Download
memory/2488-118-0x0000000060900000-0x0000000060975000-memory.dmp

Filesize
468KB

Download
memory/2488-124-0x0000000062D40000-0x0000000062D58000-memory.dmp

Filesize
96KB

Download
memory/2488-122-0x0000000003570000-0x000000000357F000-memory.dmp

Filesize
60KB

Download