ff70fcc9275ffe594d9a9a7cb358ef565fdfbb0ff01ba059fed285ab8ec4c7c0

Analysis

max time kernel
95s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-12-2024 05:10

Target

ff70fcc9275ffe594d9a9a7cb358ef565fdfbb0ff01ba059fed285ab8ec4c7c0.exe
Size

104KB
MD5

2f47ef16e386ce035aa34aa1d8170e1e
SHA1

6d7d16bfc352af8d9408519864d9f7a023af115a
SHA256

ff70fcc9275ffe594d9a9a7cb358ef565fdfbb0ff01ba059fed285ab8ec4c7c0
SHA512

21c1cf1225d87bac8d4f919601ac52a22d47ae41d167c2bdde8eda53c03f18624047904807037d82dca8a9e7e0472e8f7dbd02030d6b3ab99fc3a249a5e3d5de
SSDEEP

1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqtIzmdi:nSHIG6mQwGmfOQd8YhY0/EYUGi

Score

7^/10

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs

Email Collection

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	ff70fcc9275ffe594d9a9a7cb358ef565fdfbb0ff01ba059fed285ab8ec4c7c0.exe
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook	ff70fcc9275ffe594d9a9a7cb358ef565fdfbb0ff01ba059fed285ab8ec4c7c0.exe
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook	ff70fcc9275ffe594d9a9a7cb358ef565fdfbb0ff01ba059fed285ab8ec4c7c0.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

System Language Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ff70fcc9275ffe594d9a9a7cb358ef565fdfbb0ff01ba059fed285ab8ec4c7c0.exe

outlook_office_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook	ff70fcc9275ffe594d9a9a7cb358ef565fdfbb0ff01ba059fed285ab8ec4c7c0.exe

outlook_win_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	ff70fcc9275ffe594d9a9a7cb358ef565fdfbb0ff01ba059fed285ab8ec4c7c0.exe