Analysis
-
max time kernel
97s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20250217-en -
resource tags
arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system -
submitted
06/03/2025, 17:01
Behavioral task
behavioral1
Sample
2700-24-0x0000000000400000-0x000000000046F000-memory.exe
Resource
win7-20240903-en
General
-
Target
2700-24-0x0000000000400000-0x000000000046F000-memory.exe
-
Size
444KB
-
MD5
1b24d129ea5ce7cf2f9c348c1c6d53f6
-
SHA1
4fb7a1f2ca4514ea2f57a417b268bd426bfde14d
-
SHA256
d4dc60e745b825fab3f4da730270ef48eacc94d393ae0c2f434751c08518fce3
-
SHA512
4f7ba159b62fb745a7eead57c2f0dd5c9dca235d843570d6ca3b5742731b72aa40be1474b1f57849840f6415e39175d8be5fb857545694bde79bd269cb89e274
-
SSDEEP
6144:4Lx8d1/w5KA81IJ8GpF6nuTmOOUmjwup5+x6LyqEOmyhnbUeFVHNMhWJ5Dx:RjYKkJj6GmZU1up5liOmyhblFVHV5x
Malware Config
Signatures
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 2700-24-0x0000000000400000-0x000000000046F000-memory.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 3972 2700-24-0x0000000000400000-0x000000000046F000-memory.exe