Analysis
max time kernel: 14s
platform: windows11-21h2_x64
resource: win11-20240611-en
resource tags: arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 15-06-2024 15:10

Behavioral task: behavioral1
Sample: eac bypass.exe
Resource: win11-20240611-en
3 signatures
150 seconds

Behavioral task: behavioral2
Sample: software.dll
Resource: win11-20240611-en
0 signatures
150 seconds

General
Target: eac bypass.exe
Size: 2.9MB
MD5: 6fa9595fd56888938aad6b33aaa0448e
SHA1: 3c51732923401feada967af33dffbe25730bda6a
SHA256: 25b2bf208ef5e3e00e9cfe0fb5c85bd5b78ba865916a656b3fba60ae96143deb
SHA512: 8039400492d02687fcdf4c482487195eaa378eea5114b886a6c727aab07f0ab4e024cc4b070a334a5ca339c82546d2d113c36974c6c3bbc9748b7c307317ab65
SSDEEP: 49152:AfcjrtM72Xm30pp9dP0tVJHVFrBI1+jbWaapap/1o/zBDmsJypA5E3nL1Q1kWdoB:Afct630pGbNBIgjqvIp/opJWcE3nL1Qk

Malware Config

Signatures

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.
Processes:

resource: behavioral1/memory/4240-2-0x0000000140000000-0x00000001404BD000-memory.dmp
yara_rule: themida

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes: eac bypass.exe
pid: 4240, process: eac bypass.exe
pid: 4240, process: eac bypass.exe

Processes

C:\Users\Admin\AppData\Local\Temp\eac bypass.exe
"C:\Users\Admin\AppData\Local\Temp\eac bypass.exe"
- Suspicious behavior: EnumeratesProcesses
PID: 4240

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
PID: 1752