Analysis

  • max time kernel
    14s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240611-en
  • resource tags

    arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    15-06-2024 15:10

General

  • Target

    eac bypass.exe

  • Size

    2.9MB

  • MD5

    6fa9595fd56888938aad6b33aaa0448e

  • SHA1

    3c51732923401feada967af33dffbe25730bda6a

  • SHA256

    25b2bf208ef5e3e00e9cfe0fb5c85bd5b78ba865916a656b3fba60ae96143deb

  • SHA512

    8039400492d02687fcdf4c482487195eaa378eea5114b886a6c727aab07f0ab4e024cc4b070a334a5ca339c82546d2d113c36974c6c3bbc9748b7c307317ab65

  • SSDEEP

    49152:AfcjrtM72Xm30pp9dP0tVJHVFrBI1+jbWaapap/1o/zBDmsJypA5E3nL1Q1kWdoB:Afct630pGbNBIgjqvIp/opJWcE3nL1Qk

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Themida packer 1 IoCs

    Detects Themida, an advanced Windows software protection system.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eac bypass.exe
    "C:\Users\Admin\AppData\Local\Temp\eac bypass.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:4240
  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
    1⤵
      PID:1752

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4240-0-0x0000000140017000-0x00000001401CE000-memory.dmp
      Filesize

      1.7MB

    • memory/4240-1-0x00007FF9836F0000-0x00007FF9836F2000-memory.dmp
      Filesize

      8KB

    • memory/4240-2-0x0000000140000000-0x00000001404BD000-memory.dmp
      Filesize

      4.7MB