Analysis
-
max time kernel
127s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
22-05-2024 01:40
General
-
Target
$TEMP/TeamViewer/Version4/TeamViewer.exe
-
Size
3.4MB
-
MD5
84a8afd4d54164c1e6e9cdf0dcd28eaa
-
SHA1
3943120c742d3adc2060e5d4479ebafd0102cee5
-
SHA256
9ade5287b8a8b0910a01235f8c5be41bf3d19b89e92ca6416bf7827c0dadbd30
-
SHA512
0e0783974c031d5098141a4d5cabf9f74ba60cf73e2e7e8ad8141488700df87538af5a89d6ee30152d04ed04dde0146d290bf87fd4e268f3fa82ee7dfbd035f1
-
SSDEEP
49152:0VSl5yAhOffG+diT/IfiX7CcLxYVfRi3PNNu+axk/jNjovY7icVJJe46C/oSR4:MAhOf0c/yxYBRi3T7yvY/z6CZ4
Score
7/10
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops file in Program Files directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\$TEMP\TeamViewer\Version4\TeamViewer.exe"C:\Users\Admin\AppData\Local\Temp\$TEMP\TeamViewer\Version4\TeamViewer.exe"1⤵
- Drops file in Program Files directory
- Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2000-1-0x0000000000850000-0x0000000000851000-memory.dmpFilesize
4KB
-
memory/2000-2-0x0000000000850000-0x0000000000851000-memory.dmpFilesize
4KB