Analysis
- max time kernel: 38s
- max time network: 39s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26-10-2024 16:31
Behavioral task
behavioral1
Sample
194620476ff575534a3cc834440963ff8682307a.exe
Resource
win7-20241010-en
General
- Target: 194620476ff575534a3cc834440963ff8682307a.exe
- Size: 80KB
- MD5: 75cc82d3cf334c82ac92d55e34459f92
- SHA1: 194620476ff575534a3cc834440963ff8682307a
- SHA256: 6bd19bc9223d33208733d5cc07f89bf2943210933424018afa6c2d2e2949811d
- SHA512: 3994542ed0358a16423839873b292439a0a506aadc4d5acdd884cf76bdcecf30fb1eb093bf67d8c86928392031a317e546c853de1a6f607fe3444dd961f717e1
- SSDEEP: 1536:KX0PI6ORWFPekAZZ0XCkSBIPV1Fn1p06QcKUp3QFqH:9PI6GWpeVsXCLMrxbQOpAFqH
Malware Config
Signatures
-
Downloads MZ/PE file
-
Loads dropped DLL 3 IoCs
Processes:
pid  process
444  194620476ff575534a3cc834440963ff8682307a.exe
444  194620476ff575534a3cc834440963ff8682307a.exe
444  194620476ff575534a3cc834440963ff8682307a.exe
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim host in order to infer its geographical location.
Processes:
description  ioc  process
Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   194620476ff575534a3cc834440963ff8682307a.exe
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes:
pid  process
444  194620476ff575534a3cc834440963ff8682307a.exe
444  194620476ff575534a3cc834440963ff8682307a.exe
444  194620476ff575534a3cc834440963ff8682307a.exe
444  194620476ff575534a3cc834440963ff8682307a.exe
444  194620476ff575534a3cc834440963ff8682307a.exe
444  194620476ff575534a3cc834440963ff8682307a.exe
444  194620476ff575534a3cc834440963ff8682307a.exe
444  194620476ff575534a3cc834440963ff8682307a.exe
444  194620476ff575534a3cc834440963ff8682307a.exe
444  194620476ff575534a3cc834440963ff8682307a.exe
444  194620476ff575534a3cc834440963ff8682307a.exe
444  194620476ff575534a3cc834440963ff8682307a.exe
444  194620476ff575534a3cc834440963ff8682307a.exe
444  194620476ff575534a3cc834440963ff8682307a.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 116KB
MD5: f70aa3fa04f0536280f872ad17973c3d
SHA1: 50a7b889329a92de1b272d0ecf5fce87395d3123
SHA256: 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8
SHA512: 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84
-
Filesize: 612KB
MD5: f07d9977430e762b563eaadc2b94bbfa
SHA1: da0a05b2b8d269fb73558dfcf0ed5c167f6d3877
SHA256: 4191faf7e5eb105a0f4c5c6ed3e9e9c71014e8aa39bbee313bc92d1411e9e862
SHA512: 6afd512e4099643bba3fc7700dd72744156b78b7bda10263ba1f8571d1e282133a433215a9222a7799f9824f244a2bc80c2816a62de1497017a4b26d562b7eaf
-
Filesize: 1.9MB
MD5: f67d08e8c02574cbc2f1122c53bfb976
SHA1: 6522992957e7e4d074947cad63189f308a80fcf2
SHA256: c65b7afb05ee2b2687e6280594019068c3d3829182dfe8604ce4adf2116cc46e
SHA512: 2e9d0a211d2b085514f181852fae6e7ca6aed4d29f396348bedb59c556e39621810a9a74671566a49e126ec73a60d0f781fa9085eb407df1eefd942c18853be5
-
Filesize: 114KB
MD5: d9f3a549453b94ec3a081feb24927cd7
SHA1: 1af72767f6dfd1eaf78b899c3ad911cfa3cd09c8
SHA256: ff366f2cf27da8b95912968ac830f2db3823f77c342e73ee45ec335dbc2c1a73
SHA512: f48765c257e1539cacce536e4f757e3d06388a6e7e6c7f714c3fce2290ce7cdb5f0e8bb8db740b5899ba8b53e2ed8b47e08b0d043bb8df5a660841dc2c204029
-
Filesize: 1.0MB
MD5: dbf4f8dcefb8056dc6bae4b67ff810ce
SHA1: bbac1dd8a07c6069415c04b62747d794736d0689
SHA256: 47b64311719000fa8c432165a0fdcdfed735d5b54977b052de915b1cbbbf9d68
SHA512: b572ca2f2e4a5cc93e4fcc7a18c0ae6df888aa4c55bc7da591e316927a4b5cfcbdda6e60018950be891ff3b26f470cc5cce34d217c2d35074322ab84c32a25d1