4d73ff1e68b0dbf4d0aa169daa635eee9a4ac80637440465ab1f9cd2ba670e8e

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 16:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

MM2EBYPASS.bat
Size

64B
MD5

06a303a8aeea2c6e594901b0cdccfb35
SHA1

efdda2f7c4c77fd16915e0ed4b8873a8011ac5ba
SHA256

4d73ff1e68b0dbf4d0aa169daa635eee9a4ac80637440465ab1f9cd2ba670e8e
SHA512

b5a9865c47518e8e924b9aa3e55a9e10137fe42ed128f2c61c7cdb392a4719413ea66d3a85d1375f8b15f2764b858ee3ab2cf7eed92511eb0b392fe5c94cf7ff

Score

9^/10

credential_access discovery spyware stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
credential_access stealer

Windows Credential Manager
T1555.004
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa	cmd.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\classes.jsa	cmd.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Globalization\ICU\icudtl.dat	cmd.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\MM2EBYPASS.bat"
1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
PID:4644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Windows Credential Manager

T1555.004

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads