Analysis
-
max time kernel
147s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
14-06-2024 13:45
Behavioral task
behavioral1
Sample
600694fa52aa0bd711a6d564728931380bd29891fdf62c26b1f95224589b78d8.exe
Resource
win10v2004-20240508-en
General
-
Target
600694fa52aa0bd711a6d564728931380bd29891fdf62c26b1f95224589b78d8.exe
-
Size
149KB
-
MD5
81740342d64bc105d369f39bcf23e93f
-
SHA1
4d5d266bc24ed969108c68f794883957a22ae939
-
SHA256
600694fa52aa0bd711a6d564728931380bd29891fdf62c26b1f95224589b78d8
-
SHA512
3be9e90c67ef641b94f81c86344082b63c690e906a1fed7825bb6a0321cd4c8289d8e64e9583897ce832cad137f475e66053ace4d43f2b6a741d33b3709ead91
-
SSDEEP
3072:HemwkmgMXfbtdBE2a/duEx5cLbfu3/XcW5DC2kgZ8YfHcvOgbg8vW/f:HfmgMXfbtdK2a/dh5cLeC2kgZ8YfHcv/
Malware Config
Signatures
-
Detect Xehook Payload 1 IoCs
Processes:
resource yara_rule behavioral1/memory/3344-1-0x00000000006A0000-0x00000000006CC000-memory.dmp family_xehook -
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
600694fa52aa0bd711a6d564728931380bd29891fdf62c26b1f95224589b78d8.exedescription pid Process Token: SeDebugPrivilege 3344 600694fa52aa0bd711a6d564728931380bd29891fdf62c26b1f95224589b78d8.exe