Analysis
-
max time kernel
72s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
25-12-2024 13:44
Behavioral task
behavioral1
Sample
0f7e525e49835b39ee39b45883954faef7fcae8f69382ba4c9f05fbd34ef3bd0.exe
Resource
win7-20241010-en
General
-
Target
0f7e525e49835b39ee39b45883954faef7fcae8f69382ba4c9f05fbd34ef3bd0.exe
-
Size
9.1MB
-
MD5
22bef4c8dd217579c6ef48f838a8791f
-
SHA1
2dc151bb099cca5d8404658d858e9653b96111f2
-
SHA256
0f7e525e49835b39ee39b45883954faef7fcae8f69382ba4c9f05fbd34ef3bd0
-
SHA512
66c2a105eef0faff50943073771010ed3c010c532f6edc4587bc145e043d3e86655049ca40a5c862df3ed8f0733b9110f2abc932cc4a89611c8d0868389dc2f3
-
SSDEEP
196608:N/JcDKlFBqZcPz5jGVARK8OSqY4i5KPa/hdHDRQIgLKN:RODKlFBqa99qs5x/jHDRQIG2
Malware Config
Signatures
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 0f7e525e49835b39ee39b45883954faef7fcae8f69382ba4c9f05fbd34ef3bd0.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 1688 0f7e525e49835b39ee39b45883954faef7fcae8f69382ba4c9f05fbd34ef3bd0.exe 1688 0f7e525e49835b39ee39b45883954faef7fcae8f69382ba4c9f05fbd34ef3bd0.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\0f7e525e49835b39ee39b45883954faef7fcae8f69382ba4c9f05fbd34ef3bd0.exe"C:\Users\Admin\AppData\Local\Temp\0f7e525e49835b39ee39b45883954faef7fcae8f69382ba4c9f05fbd34ef3bd0.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1688