Analysis

  • max time kernel
    95s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/01/2025, 19:09

General

  • Target

    5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe

  • Size

    92KB

  • MD5

    a9f6b8b6a8bb7225884ae4acad9ede21

  • SHA1

    163ab5211709981d4872382a1fa6179fe9950038

  • SHA256

    5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530

  • SHA512

    c0df9ed57d272616e438e1d48fa09bf1a9b315687a38476d05a34b342a3c99fbeb392c50287a041f70f65ec60378b68de073f92aa713651e71f1153a823c2e6c

  • SSDEEP

    1536:DHB0UxMkzOt7HcvJGt5AdHIOWnToIf12ZqTUgawozmoJ:DhAWJGSCTBf12Z1gtozm+

Malware Config

Signatures

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe
    "C:\Users\Admin\AppData\Local\Temp\5095c48550af05e9fb4c79a6c89031426e160497c8aafa72cdd8795d542e3530.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    PID:696

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads