Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20250217-en -
resource tags
arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system -
submitted
07/03/2025, 15:22
Behavioral task
behavioral1
Sample
1664-29-0x0000000000400000-0x000000000045A000-memory.exe
Resource
win7-20240903-en
General
-
Target
1664-29-0x0000000000400000-0x000000000045A000-memory.exe
-
Size
360KB
-
MD5
1a2b16908f9807bda27e16016610d93e
-
SHA1
8e24339a60cb636d8a371f02ca0c35d293b788e7
-
SHA256
2bd5cfd28b36a9a2dd007a0d35f4daf1e0b726d8772e9e5c555f6e6289eb45ae
-
SHA512
63b8fd1aa7edd45a8accdedf9598ec41c9be102760c0c2020797a5884bd56f449d393dd757fb6a6a7c30088ea0ffb9691024d494ba6d00adc51d11bfd9bd20af
-
SSDEEP
6144:Wq8d1/w5KA81IJ8GpF6nuTmOOUWMmvc/DhqZtdUl5y405yryeyWeOu:GjYKkJj6GmZUWMWc/DN305y+TP
Malware Config
Signatures
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 1664-29-0x0000000000400000-0x000000000045A000-memory.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 536 1664-29-0x0000000000400000-0x000000000045A000-memory.exe