Analysis
-
max time kernel
103s -
max time network
129s -
platform
windows10-2004_x64 -
resource
win10v2004-20250313-en -
resource tags
-
submitted
02/04/2025, 03:38
General
-
Target
1208-0-0x0000000000400000-0x0000000000458000-memory.exe
-
Size
352KB
-
MD5
9c575048bf319873dc165a1fb8e2bd8c
-
SHA1
d24dba62869b15cbda0c8ff1a5d5a8412a2c313c
-
SHA256
1d7ed4fc898492ec227a2842a7086dcccad42588dd08452903a99b76638104c5
-
SHA512
1ef30bea354f8427adc540ff790d3b1ed6ffa7117747fe2f93ace41b5380fd18718ea6bf607a4958a391ea1a4ae9ff28de337dd6566245bbe468de8edbd8973e
-
SSDEEP
6144:O8d1/w5KA81IJ8GpF6nuTmOOUmEZq6BoIW6rN07yZ3zBJ0em:djYKkJj6GmZULZq6Y6u7yZjr
Score
7/10
Malware Config
Signatures
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1208-0-0x0000000000400000-0x0000000000458000-memory.exe"C:\Users\Admin\AppData\Local\Temp\1208-0-0x0000000000400000-0x0000000000458000-memory.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx