Analysis

  • max time kernel
    15s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    26-10-2024 04:09

General

  • Target

    5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe

  • Size

    92KB

  • MD5

    5224a6b30eaf4ea7b7b4b78b0ac7ab60

  • SHA1

    abf2372224b7a7700cf3cf036afee3c7789fe02d

  • SHA256

    5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15

  • SHA512

    888168be4d359d32de7b19cb8cd7c5428e271832d6f7cb3a216025f1ad91be8c3de8f4b7845e37245b0f63adba568ce1adaad96413302ab4123b77a90e00123a

  • SSDEEP

    1536:RHB0UxMkzOt7HcvJGt5AdHIOWnToIf12ZqTUgapJ5ouH4o:RhAWJGSCTBf12Z1gsJ5og4

Malware Config

Signatures

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe
    "C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:2584

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2584-0-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

  • memory/2584-3-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB