ebbebd12ad3b0348d30f7a3ee492d0dc8b8f59c0de228b9a001777fe45713ec1

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
01-08-2024 21:32

Target

Proposta_Contratual.exe
Size

29KB
MD5

f16817e0d25d1d2c8661cb5e0fdac136
SHA1

308070a90e0115456ce4cf788ca5d6141d7aa76f
SHA256

374c66a41aaf7b8071437bca24292cd0e5ad1c41ca83a5228cfeda49e56c7c6a
SHA512

1f0e80e72fc27e12a499920924756c3d5e4a7f3b99310a59d71ab0a2ec319b8fb663b98a2a3116b7c5fe5549a61409d1cb48be0e82bcd0a4688819188257fa3f
SSDEEP

768:ZKSkquAgD0GQOycznpL3FGe/pZ/FOZBO/J:rkquAgD0GQOJJL/pZNOZI/J

Score

7^/10

spyware stealer

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2092	Proposta_Contratual.exe

C:\Users\Admin\AppData\Local\Temp\Proposta_Contratual.exe
"C:\Users\Admin\AppData\Local\Temp\Proposta_Contratual.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2092

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

memory/2092-1-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2092-2-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download