Analysis
-
max time kernel
95s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20250217-en -
resource tags
arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system -
submitted
06/03/2025, 16:50
Behavioral task
behavioral1
Sample
1380-1346-0x0000000000400000-0x0000000000459000-memory.exe
Resource
win7-20240903-en
General
-
Target
1380-1346-0x0000000000400000-0x0000000000459000-memory.exe
-
Size
356KB
-
MD5
0d170001ac584298e6fd0569c374683d
-
SHA1
37d6a769d0e5d9a4326755b2f8d7703917b700de
-
SHA256
ea91cbb613be4b8dab7e8d23e1056dcadca1c860be6e2c2020018f931966c6f3
-
SHA512
fd98e9d73d91c14db416f671ec26303c7fdb53d803d6f55470d87029580306da5ef224b0bd1d20791f9d221a024e22a85608976de6f68d98abee445b2bd3b9b9
-
SSDEEP
6144:H8d1/w5KA81IJ8GpF6nuTmOOUhax5yAQUCurPVFy5f1gS7i:cjYKkJj6GmZUhax5yBu5Fy5tx
Malware Config
Signatures
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 1380-1346-0x0000000000400000-0x0000000000459000-memory.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 3328 1380-1346-0x0000000000400000-0x0000000000459000-memory.exe