5d0cf474f881a4f66417ee5cd6407575f86faa03adabbb490421eb74f89f083b

Analysis

max time kernel
141s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250207-en
resource tags

arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
submitted
16-02-2025 02:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d0cf474f881a4f66417ee5cd6407575f86faa03adabbb490421eb74f89f083b.exe
Size

29KB
MD5

add23973544b5d947afe8c05565e11f9
SHA1

b6d8360d9df46c75d06ca0ddd50dc569e3affb5c
SHA256

5d0cf474f881a4f66417ee5cd6407575f86faa03adabbb490421eb74f89f083b
SHA512

d8ea63cec9911bb8c5cdcbfd15c368096876a56cb694df29b531eec44119cd400577367c0f490bb51de1be7f6faaa0fae74a76f79707c463fe6418c569688504
SSDEEP

384:piY/4mcwYPSNOjKjg11+rVlOxxtNP97kJkgQ8pwIIumVbgORBprjlJZpTJ3uPbHY:piWWjjKjrOFgwItmVsOlr1B+9Ir

Score

8^/10

discovery spyware stealer

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
55	3508	Process not Found

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5d0cf474f881a4f66417ee5cd6407575f86faa03adabbb490421eb74f89f083b.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
5072	MicrosoftEdgeUpdate.exe

C:\Users\Admin\AppData\Local\Temp\5d0cf474f881a4f66417ee5cd6407575f86faa03adabbb490421eb74f89f083b.exe
"C:\Users\Admin\AppData\Local\Temp\5d0cf474f881a4f66417ee5cd6407575f86faa03adabbb490421eb74f89f083b.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1456

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTg3MDQ2RDYtNjc1QS00Rjg4LUI4RTgtNEU2MzY3QzkzQTk2fSIgdXNlcmlkPSJ7MTcyNkQ0N0YtQzhCRi00REU3LUFGMTQtQTFCOENBOThCNUY4fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7OEUxQTk1NjQtRDk4RC00QzUxLTkyNjItNzFERjUyNTU4RkE2fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSI4IiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDY4ODkiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxOTM2NTgwOTAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MDc0MjM5MzA5Ii8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:5072