9f949f62466767ca9af8a1b6e4055fcd474da5dfeb797db85b32ecbf7d807232

Analysis

max time kernel
147s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04-09-2024 14:42

Target

9f949f62466767ca9af8a1b6e4055fcd474da5dfeb797db85b32ecbf7d807232.exe
Size

29KB
MD5

bb11aebb921c65e72e7bf5c16039fcfc
SHA1

1aaa2ae8dfc879a7d22a3ddd90fdffcfa762cf75
SHA256

9f949f62466767ca9af8a1b6e4055fcd474da5dfeb797db85b32ecbf7d807232
SHA512

be4cc82db4d0c0ddb6fd385cd6e6a385d666fa622d76aaf5a3dc6b5aa70f4cc31d08d1024184c18c5fe0fd5690773e9b4266bef00be2c7aa67f3994ccea7c220
SSDEEP

384:piY/4mcwYPSNOjKjg11+rVlOxxtNP97kJkgQ8pwIIumVbgORBprjlJZpTJ3uPbH2:piWWjjKjrOFgwItmVsOlr1B+9i

Score

9^/10

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

System Language Discovery

Processes:

9f949f62466767ca9af8a1b6e4055fcd474da5dfeb797db85b32ecbf7d807232.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9f949f62466767ca9af8a1b6e4055fcd474da5dfeb797db85b32ecbf7d807232.exe

C:\Users\Admin\AppData\Local\Temp\9f949f62466767ca9af8a1b6e4055fcd474da5dfeb797db85b32ecbf7d807232.exe
"C:\Users\Admin\AppData\Local\Temp\9f949f62466767ca9af8a1b6e4055fcd474da5dfeb797db85b32ecbf7d807232.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2028