Analysis

max time kernel: 104s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20250313-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250313-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10/04/2025, 19:47
General

Target: 817a988946844440df765ab64052f276470e3081294a4dc4d5d19adb74b3aa8a.exe
Size: 345KB
MD5: fc01e536eb60eb27a3f954ccfb7cdc5a
SHA1: 7355be1ed9bf00067e84f8207345923325fd7d32
SHA256: 817a988946844440df765ab64052f276470e3081294a4dc4d5d19adb74b3aa8a
SHA512: 12ce88e18be740d705b2f4305252943322d0578194947bf1f595e3b5a22df708b9abfbe321d8a5422830f49b8692b003f78e85a5d0271a94bf4a74d8c63220e7
SSDEEP: 6144:+PtFqR7FDwaIJGIDHO4Il8Uc/IX9rER13dLeeWEXTFI1tEnnbGQVNXv9uOS9U:6jqRxJlsu4j2Ngtee/TFI1tEnnbGqNXF
Malware Config

Signatures

Downloads MZ/PE file (1 IoCs)
  flow  pid   Process
  70    1496  817a988946844440df765ab64052f276470e3081294a4dc4d5d19adb74b3aa8a.exe
Reads user/profile data of local email clients (2 TTPs)
  Email clients store some user data on disk where infostealers will often target it.

Reads user/profile data of web browsers (3 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.

Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)

Checks installed software on the system (1 TTPs)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description  ioc                                                          Process
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  817a988946844440df765ab64052f276470e3081294a4dc4d5d19adb74b3aa8a.exe
Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid   Process
  1496  817a988946844440df765ab64052f276470e3081294a4dc4d5d19adb74b3aa8a.exe  (8 identical entries)

Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description                   pid   Process
  Token: SeImpersonatePrivilege  1496  817a988946844440df765ab64052f276470e3081294a4dc4d5d19adb74b3aa8a.exe
  Token: SeImpersonatePrivilege  1496  817a988946844440df765ab64052f276470e3081294a4dc4d5d19adb74b3aa8a.exe
Processes

C:\Users\Admin\AppData\Local\Temp\817a988946844440df765ab64052f276470e3081294a4dc4d5d19adb74b3aa8a.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\817a988946844440df765ab64052f276470e3081294a4dc4d5d19adb74b3aa8a.exe"
  - Downloads MZ/PE file
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID: 1496