Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04-06-2024 00:58

General

  • Target

    a1e01349b3bdae052719f4af25038dc1b6a1fb20f701c142e4153c8b9261ed56.exe

  • Size

    628KB

  • MD5

    47d3b6d3810d4b1b5343d6d34abe0ac9

  • SHA1

    cbb7516c0e7570f5d31355d68728a6e1294e3532

  • SHA256

    a1e01349b3bdae052719f4af25038dc1b6a1fb20f701c142e4153c8b9261ed56

  • SHA512

    97eeec2fbd9d22d69b33ddbc64e14e39d7fd7807abecd0edc99c09d51bdef89ff62b2de7f67d1158915327e2bf4dd7801c8a154fb266d792f6cb59c32166026b

  • SSDEEP

    12288:F1Lh3tGbPGaI3h8BAhnz3MjnGQMX0Ms0e2QHSYW2PxOY7nD+J2x1DHBi:fGrnAdz3Mjn1uiSJ2PxOY7D+Ax1k

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (1 IoC)
  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers commonly harvest stored browser data, which can include saved credentials, cookies and autofill data.

  • Enumerates connected drives (3 TTPs, 23 IoCs)

    Attempts to read the root path of hard drives other than the default C: drive.

Processes

  • C:\Users\Admin\AppData\Local\Temp\a1e01349b3bdae052719f4af25038dc1b6a1fb20f701c142e4153c8b9261ed56.exe
    "C:\Users\Admin\AppData\Local\Temp\a1e01349b3bdae052719f4af25038dc1b6a1fb20f701c142e4153c8b9261ed56.exe"
    • Loads dropped DLL
    • Enumerates connected drives
    PID:5112

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\pdl34DB.tmp

    Filesize

    197KB

    MD5

    1bc225e0c1c2f54cc877b654ccf04684

    SHA1

    66b37d20f580e14efa3312821aa1b44eccd0f1fe

    SHA256

    19486800845b74be3487f1319d6f249ce85e8b47df586dd8e9b9cbb46875ae93

    SHA512

    9e4604f5cb06c498b53ac91eb8b37e923dc5d6629984b77ecbbc149abac5c94352cd8ab64488a3516083a39988282f0fb5b7fc2aa5e81426685a5a039e96f283

  • memory/5112-5-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

  • memory/5112-4-0x0000000000400000-0x0000000000442000-memory.dmp

    Filesize

    264KB

  • memory/5112-7-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

  • memory/5112-9-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

  • memory/5112-11-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

  • memory/5112-13-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

  • memory/5112-15-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

  • memory/5112-19-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

  • memory/5112-21-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

  • memory/5112-23-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

  • memory/5112-25-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

  • memory/5112-27-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

  • memory/5112-29-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

  • memory/5112-31-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB
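A consistency check on the memory-dump entries listed above, added here as an example and not part of the sandbox report. It parses each entry name as `memory/<pid>-<dump index>-<start>-<end>-memory.dmp` (a layout assumed from the names on this page), recomputes the region size from the address range, compares it with the Filesize the report states, and collapses the repeated dumps of the same region into one record. The labels for the 0x400000 and 0x10000000 bases are a heuristic (the MSVC default 32-bit ImageBase values for an EXE and a DLL respectively), not something the report asserts.

```python
import re

# Memory-dump entries copied from the "Downloads" section of this report,
# as (entry name, Filesize stated by the report).
REPORT_ENTRIES = [
    ("memory/5112-5-0x0000000010000000-0x000000001003A000-memory.dmp", "232KB"),
    ("memory/5112-4-0x0000000000400000-0x0000000000442000-memory.dmp", "264KB"),
    ("memory/5112-7-0x0000000010000000-0x000000001003A000-memory.dmp", "232KB"),
    ("memory/5112-9-0x0000000010000000-0x000000001003A000-memory.dmp", "232KB"),
    ("memory/5112-11-0x0000000010000000-0x000000001003A000-memory.dmp", "232KB"),
    ("memory/5112-13-0x0000000010000000-0x000000001003A000-memory.dmp", "232KB"),
    ("memory/5112-15-0x0000000010000000-0x000000001003A000-memory.dmp", "232KB"),
    ("memory/5112-19-0x0000000010000000-0x000000001003A000-memory.dmp", "232KB"),
    ("memory/5112-21-0x0000000010000000-0x000000001003A000-memory.dmp", "232KB"),
    ("memory/5112-23-0x0000000010000000-0x000000001003A000-memory.dmp", "232KB"),
    ("memory/5112-25-0x0000000010000000-0x000000001003A000-memory.dmp", "232KB"),
    ("memory/5112-27-0x0000000010000000-0x000000001003A000-memory.dmp", "232KB"),
    ("memory/5112-29-0x0000000010000000-0x000000001003A000-memory.dmp", "232KB"),
    ("memory/5112-31-0x0000000010000000-0x000000001003A000-memory.dmp", "232KB"),
]

# Entry-name layout assumed from the report: memory/<pid>-<dump index>-<start>-<end>-memory.dmp
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Heuristic labels only: MSVC default link-time image bases for 32-bit images.
# The report does not itself say which module each region belongs to.
KNOWN_BASES = {
    0x400000: "default 32-bit EXE ImageBase",
    0x10000000: "default 32-bit DLL ImageBase",
}


def parse_dump_name(name):
    """Split a dump entry name into pid, dump index, start, end and byte size."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump entry: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"bad address range in {name}")
    return {"pid": int(m["pid"]), "index": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def parse_reported_kb(text):
    """Turn the report's '232KB' style size into an integer number of KB."""
    m = re.fullmatch(r"(\d+)KB", text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(m[1])


def size_to_kb(nbytes):
    # The report rounds to whole KB; both regions on this page are exact multiples of 1024.
    return nbytes // 1024


def check_entries(entries):
    """Return (name, computed KB, reported KB, match) for every entry."""
    results = []
    for name, reported in entries:
        computed_kb = size_to_kb(parse_dump_name(name)["size"])
        reported_kb = parse_reported_kb(reported)
        results.append((name, computed_kb, reported_kb, computed_kb == reported_kb))
    return results


def summarize_regions(entries):
    """Collapse repeated dumps of one (pid, start, end) region into a single record."""
    regions = {}
    for name, _ in entries:
        info = parse_dump_name(name)
        key = (info["pid"], info["start"], info["end"])
        rec = regions.setdefault(key, {
            "size": info["size"], "indices": [],
            "label": KNOWN_BASES.get(info["start"], "non-default base"),
        })
        rec["indices"].append(info["index"])
    for rec in regions.values():
        rec["indices"].sort()
    return regions


if __name__ == "__main__":
    for name, got, want, ok in check_entries(REPORT_ENTRIES):
        print(f"{'OK ' if ok else 'BAD'} {name}: computed {got}KB, reported {want}KB")
    for (pid, start, end), rec in summarize_regions(REPORT_ENTRIES).items():
        print(f"pid {pid} 0x{start:08X}-0x{end:08X} {rec['size'] // 1024}KB, "
              f"{len(rec['indices'])} dumps ({rec['label']})")
```

Run as-is it reduces the fourteen entries to two regions: a 264KB region at 0x400000 dumped once and a 232KB region at 0x10000000 dumped thirteen times across the run, and confirms that every stated Filesize equals the address range (0x42000 and 0x3A000 bytes respectively). The base-address labels are a triage hint only; confirming that the 0x10000000 region is the dropped DLL requires the dump contents or the PE headers, which this page does not include.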