Overview

overview

10

Static

static

10

hack-browser-data.exe

windows10-1703-x64

9

Analysis

  • max time kernel
    22s
  • max time network
    17s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    25-08-2024 18:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    hack-browser-data.exe

  • Size

    9.3MB

  • MD5

    7be18f7881115b4b9fa5b19bc5da7e23

  • SHA1

    838839f163f8cb146ef9078956fe9a733d096299

  • SHA256

    e28e65b42f2596dc34c9845728e4ee6884d3e42b20397a9c4fcbe8cd63f8c193

  • SHA512

    50e8ee8c98f151cce3e7ea6a1eb5952a97d49bac553cd684e9f4d2bc631d41a07186b3ea412f8704873b00098513408f08d3c3229a52ec36b5592238650dbff2

  • SSDEEP

    98304:oTjEmCMgX0kWnB6Z0+RVOjejjVEfAOja:oTqz3XOYjMj

Score
9/10
credential_accessdiscoveryspywarestealer

Malware Config

Signatures

  • Credentials from Password Stores: Credentials from Web Browsers 1 TTPs

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\hack-browser-data.exe
    "C:\Users\Admin\AppData\Local\Temp\hack-browser-data.exe"
    1⤵
      PID:2832
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1768
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3696
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.0.297651966\1159656960" -parentBuildID 20221007134813 -prefsHandle 1568 -prefMapHandle 1676 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb132db4-2a9a-467c-8d16-194cbc93ba61} 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 1764 20efc1f4e58 gpu
          3⤵
            PID:3884
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.1.116504047\591854436" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f77ea730-f0b2-4c59-b672-2c47e0e0fd24} 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 2120 20ee9d71f58 socket
            3⤵
              PID:628
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.2.1993291175\523370120" -childID 1 -isForBrowser -prefsHandle 2916 -prefMapHandle 2912 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {abc61f7c-d0ab-4843-a0a7-9b485b0fa6b7} 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 2776 20e82399358 tab
              3⤵
                PID:1932
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.3.657541337\652506835" -childID 2 -isForBrowser -prefsHandle 3392 -prefMapHandle 3396 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {26790062-fce0-4770-87d1-94e3ae821b32} 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 3408 20e80972158 tab
                3⤵
                  PID:1872
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.4.1723205267\437920672" -childID 3 -isForBrowser -prefsHandle 4252 -prefMapHandle 4248 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f4e2d81-3285-421b-a95e-0687146e2ada} 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 4264 20e841dce58 tab
                  3⤵
                    PID:2776
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.5.489251939\1775923981" -childID 4 -isForBrowser -prefsHandle 5084 -prefMapHandle 5076 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e29fa7d-fdeb-4b65-b8fe-f4c9780448d3} 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 5008 20e84518958 tab
                    3⤵
                      PID:1884
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.6.1048838481\8887943" -childID 5 -isForBrowser -prefsHandle 5096 -prefMapHandle 5092 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f72fa0f-7882-4efc-a9fd-8ee54666b926} 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 4860 20e84fbed58 tab
                      3⤵
                        PID:1612
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3696.7.1291295896\1288412971" -childID 6 -isForBrowser -prefsHandle 4888 -prefMapHandle 5008 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1360 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {80595258-1d73-4b6a-8f31-c1152895f49b} 3696 "\\.\pipe\gecko-crash-server-pipe.3696" 5192 20e84fbf958 tab
                        3⤵
                          PID:3868

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Temp\Session Storage_8.temp\CURRENT.bak
                      Filesize

                      16B

                      MD5

                      46295cac801e5d4857d09837238a6394

                      SHA1

                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                      SHA256

                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                      SHA512

                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\Session Storage_8.temp\MANIFEST-000001
                      Filesize

                      41B

                      MD5

                      5af87dfd673ba2115e2fcf5cfdb727ab

                      SHA1

                      d5b5bbf396dc291274584ef71f444f420b6056f1

                      SHA256

                      f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                      SHA512

                      de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin
                      Filesize

                      2KB

                      MD5

                      b3c9da48b05f14401ec03e44bcef9ecf

                      SHA1

                      fc5a85dba19c028234e358f2ebeee5eb90e6b7dd

                      SHA256

                      9e98eaac931bb1dcbed0c0c318caf8262d9e8bfa5af31d34fcd280633f33b5fb

                      SHA512

                      e5def80f7e2ee512b46b2dc96472fe2ca24608d0194bd1a132185f90b428767b9641853e53bd3f8ff9479fdd26a6ac93f22f719110513234da6b89b2a32f6101

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\382316be-bcae-41a5-b9b1-eee4c383dd0d
                      Filesize

                      10KB

                      MD5

                      60b6441f738b1183520eee39ae278430

                      SHA1

                      c4fc2645efa09fda1fd1ca1eba6a034cbe29edd9

                      SHA256

                      afa3e8d6a4e2f4e6b84581591950b915901c31e673db62f017f24574e83a49a3

                      SHA512

                      3f190003cd972aceccff60df8e4bdd17a957efcfc6415f35dfb1d604df04037e37ee19a8b038c65304500c689b7797188e0cfb6c9f74d8b644d07799f1fd56b2

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\a760aa01-029a-4af2-95a8-8785afad7f4a
                      Filesize

                      746B

                      MD5

                      b554d27f9bc0e3c3d94ea61c5d043c77

                      SHA1

                      f3c8f35ce4cb9ba634a720020853849ac215babb

                      SHA256

                      417ac2fb208d68620fb86607784e3eb7f8fabc1ab65c802257381539827c6a12

                      SHA512

                      85bb223592926d8d3c7279f7327a1572e0a0b3162f4b4a5265e3fc3b29e5db5f5c66d1772a0808acd5873591c03ccbc0182f089de65ee8eff89001ff2c473322

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      1KB

                      MD5

                      84dc6463dce41ab5f0ad0198e47b1c70

                      SHA1

                      1d60d4092c937717cee80d28d976ed3f6bb35a9b

                      SHA256

                      11cddc80c66c48270b158fd77d6823305416220cc72e44a6247abdd412cf0df0

                      SHA512

                      2c27bd607e827e7afd79ed42e54671f236c588568774d3843c23509f5a5647703f1da15fdde4197484c2c81d4eb0f9575a33dfc804bd344dbebe4d59bd42e2db

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                      Filesize

                      184KB

                      MD5

                      3018d1aad8385b734068dbad441e344e

                      SHA1

                      2a3925bc92ec843db64b6db2cd6fe18ccf084a86

                      SHA256

                      f33415b0b1fc8c7e52356318d44aef1ae6bd9c64a89afa012d43a01a79954f88

                      SHA512

                      7ab1a1115a4f7ac61ba41bfe5875792cfa84d81f14f71239e43848de5940bfa07e2e34ea4be85a61c091d0b4b7742f3f55961fd26734b528cdb2c0b4d169c5e0

                      Download Submit