7b49315a07d92562008785f18022b53b380f999abe92a6d4014c014461660dff

Analysis

max time kernel
95s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-12-2024 19:07

Target

7b49315a07d92562008785f18022b53b380f999abe92a6d4014c014461660dff.exe
Size

648KB
MD5

993077fad9d5dd79b70d18f348b9b20d
SHA1

740a1df09e85f60e86722ec939df2874d63ba2e0
SHA256

7b49315a07d92562008785f18022b53b380f999abe92a6d4014c014461660dff
SHA512

1688bd7baea5dbcb2c7e42269911e7295b359d640e28e96d8d906f585b5218430e8713133663f63676ef791eaa53b2da92b3efee3dbcd623c25c4ee40605d42b
SSDEEP

1536:yzvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqiIzmd:JSHIG6mQwGmfOQd8YhY0/E/UG

Score

7^/10

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs

Email Collection

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	7b49315a07d92562008785f18022b53b380f999abe92a6d4014c014461660dff.exe
Key opened	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook	7b49315a07d92562008785f18022b53b380f999abe92a6d4014c014461660dff.exe
Key opened	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook	7b49315a07d92562008785f18022b53b380f999abe92a6d4014c014461660dff.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

System Language Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7b49315a07d92562008785f18022b53b380f999abe92a6d4014c014461660dff.exe

outlook_office_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook	7b49315a07d92562008785f18022b53b380f999abe92a6d4014c014461660dff.exe

outlook_win_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	7b49315a07d92562008785f18022b53b380f999abe92a6d4014c014461660dff.exe