59ebf2813b1f8295f1d67a28eae9da727a219c036659e0d0be7843432d6c5de2

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 10:37

Target

097dbcf18e9ebc074af64ac1a899693153ac937ba363a3f096e11a5a403105e3_payload.exe
Size

416KB
MD5

b10a1e745d49f28cf1a9241afe269419
SHA1

cfcb5d1fe7c347340a41f4ea25afcf2857056180
SHA256

59ebf2813b1f8295f1d67a28eae9da727a219c036659e0d0be7843432d6c5de2
SHA512

61e6b6e5755c1907f4c2f2ae482870f60dd9dcd8402661bf8bbe29bbc6c56d940486a95ff95fd816cf1f8784a764d1f09deaebdc441eda4cc78d73de1f3bbb80
SSDEEP

6144:6LJQqobY5Fqjfqtg8N61pIH4FgLxkKE5DgMSlA5KI+kFPj4qXD2+:4JQ9g0jytgW61pKuWc7dX9

Score

7^/10

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

097dbcf18e9ebc074af64ac1a899693153ac937ba363a3f096e11a5a403105e3_payload.exe

pid process

2320 097dbcf18e9ebc074af64ac1a899693153ac937ba363a3f096e11a5a403105e3_payload.exe

pid	process
2320	097dbcf18e9ebc074af64ac1a899693153ac937ba363a3f096e11a5a403105e3_payload.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

097dbcf18e9ebc074af64ac1a899693153ac937ba363a3f096e11a5a403105e3_payload.exe

description	pid	process
Token: SeDebugPrivilege	2320	097dbcf18e9ebc074af64ac1a899693153ac937ba363a3f096e11a5a403105e3_payload.exe
Token: SeBackupPrivilege	2320	097dbcf18e9ebc074af64ac1a899693153ac937ba363a3f096e11a5a403105e3_payload.exe
Token: SeSecurityPrivilege	2320	097dbcf18e9ebc074af64ac1a899693153ac937ba363a3f096e11a5a403105e3_payload.exe
Token: SeSecurityPrivilege	2320	097dbcf18e9ebc074af64ac1a899693153ac937ba363a3f096e11a5a403105e3_payload.exe
Token: SeSecurityPrivilege	2320	097dbcf18e9ebc074af64ac1a899693153ac937ba363a3f096e11a5a403105e3_payload.exe
Token: SeSecurityPrivilege	2320	097dbcf18e9ebc074af64ac1a899693153ac937ba363a3f096e11a5a403105e3_payload.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/2320-0-0x000007FEF5223000-0x000007FEF5224000-memory.dmp

Filesize
4KB

Download
memory/2320-1-0x0000000000FD0000-0x000000000103E000-memory.dmp

Filesize
440KB

Download
memory/2320-2-0x000007FEF5220000-0x000007FEF5C0C000-memory.dmp

Filesize
9.9MB

Download
memory/2320-3-0x000007FEF5220000-0x000007FEF5C0C000-memory.dmp

Filesize
9.9MB

Download
memory/2320-4-0x000007FEF5220000-0x000007FEF5C0C000-memory.dmp

Filesize
9.9MB

Download
memory/2320-5-0x000007FEF5220000-0x000007FEF5C0C000-memory.dmp

Filesize
9.9MB

Download