b412dd132cb21a0d4d7bb622c6fe49f9e6c5c934201815d570db774ac80194f5

Analysis

max time kernel
16s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-11-2024 19:04

Target

b412dd132cb21a0d4d7bb622c6fe49f9e6c5c934201815d570db774ac80194f5.exe
Size

29KB
MD5

d0038532ae6cec64be83bc19d0b8f695
SHA1

17a23380f80068d15ebc014cb2b1748bb45fb5c1
SHA256

b412dd132cb21a0d4d7bb622c6fe49f9e6c5c934201815d570db774ac80194f5
SHA512

af269471f7093445fb05bc6d6d185f9e48d0666674a3de50c4217757d3fdf39b067668bf2ca37eac91d5cb203c3ce3d4d634661e470d84d12c80c332344503ea
SSDEEP

384:piY/4mcwYPSNOjKjg11+rVlOxxtNP97kJkgQ8pwIIumVbgORBprjlJZpTJ3uPbHO:piWWjjKjrOFgwItmVsOlr1B+90B

Score

7^/10

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

System Language Discovery

Processes:

b412dd132cb21a0d4d7bb622c6fe49f9e6c5c934201815d570db774ac80194f5.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b412dd132cb21a0d4d7bb622c6fe49f9e6c5c934201815d570db774ac80194f5.exe

C:\Users\Admin\AppData\Local\Temp\b412dd132cb21a0d4d7bb622c6fe49f9e6c5c934201815d570db774ac80194f5.exe
"C:\Users\Admin\AppData\Local\Temp\b412dd132cb21a0d4d7bb622c6fe49f9e6c5c934201815d570db774ac80194f5.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1708