Analysis
max time kernel: 3s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 19-04-2024 09:30
Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: Foxit_Reader_2_key_generator.exe
  Resource: win7-20240221-en (windows7-x64)
  7 signatures, 150 seconds
General
Target: Foxit_Reader_2_key_generator.exe
Size: 211KB
MD5: b865fa4cecd2783a0ad5d7438bb3e5fd
SHA1: 67e453143b3a5eb198590d771d33b8348f4176e6
SHA256: 6fe5069400993d3162915ddfdc56f7887a6ab18292e9e6289efee15cb825933b
SHA512: 83bbefe8d9f399e249a1ba98b0429e7e324b6634615b9da461e6dc87684aab43af919a5dccfd3207843a4e9839817e4c18e9c55448df3716d50e6c66ea8c11e3
SSDEEP: 3072:eJTXsvgyRd34yQdKSmK6U7/K9VXKnSQkeVbyKro3nUIjRlRbcB:exs4w34vdB5/2mHNyOoEIjR3oB
Malware Config
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Program crash (1 IoC)
  Processes:
    pid   pid_target  process       target process
    1836  4472        WerFault.exe  Foxit_Reader_2_key_generator.exe
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  Processes:
    pid   process
    4472  Foxit_Reader_2_key_generator.exe  (8 occurrences)
Processes
- C:\Users\Admin\AppData\Local\Temp\Foxit_Reader_2_key_generator.exe
  "C:\Users\Admin\AppData\Local\Temp\Foxit_Reader_2_key_generator.exe"
  - Suspicious behavior: EnumeratesProcesses
  - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 628
    - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4472 -ip 4472