Analysis

  • max time kernel
    101s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-10-2024 04:09

General

  • Target

    5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe

  • Size

    92KB

  • MD5

    5224a6b30eaf4ea7b7b4b78b0ac7ab60

  • SHA1

    abf2372224b7a7700cf3cf036afee3c7789fe02d

  • SHA256

    5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15

  • SHA512

    888168be4d359d32de7b19cb8cd7c5428e271832d6f7cb3a216025f1ad91be8c3de8f4b7845e37245b0f63adba568ce1adaad96413302ab4123b77a90e00123a

  • SSDEEP

    1536:RHB0UxMkzOt7HcvJGt5AdHIOWnToIf12ZqTUgapJ5ouH4o:RhAWJGSCTBf12Z1gsJ5og4

Malware Config

Signatures

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe
    "C:\Users\Admin\AppData\Local\Temp\5038a6d7276bdab8d918dc31135e1a8b9567978f2bff2b8440985c35581a9b15N.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:624

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/624-0-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB

  • memory/624-2-0x0000000000400000-0x000000000041A000-memory.dmp

    Filesize

    104KB