Analysis
-
max time kernel
118s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
23-04-2024 01:05
General
-
Target
17f929c1d40a7fd6f897c0b15ca9c44b2059cbccb3037c31619d87954659478e.exe
-
Size
273KB
-
MD5
e795115169cc800de0392d6a675d58fd
-
SHA1
8dd75837e360ba1cb8acf5a3d348dd020a5da482
-
SHA256
17f929c1d40a7fd6f897c0b15ca9c44b2059cbccb3037c31619d87954659478e
-
SHA512
5fb6543e91de175bd365462a1cc87d6772e43b0effd3757b3e408b08a4de5a004de9a85e7f1d09578fa3bc6b6486c5f5016c1b879496582dbb39b2e62e168f38
-
SSDEEP
6144:s/wl9dobdtMJNPX459l2/FpnovRWf1RdSxWbkHg6O0:HdoRtMJRkQp2MY0QO0
Score
10/10
Malware Config
Signatures
-
Detect Xehook Payload 1 IoCs
-
Xehook stealer
Xehook is an infostealer written in C#.
-
Detect binaries embedding considerable number of MFA browser extension IDs. 1 IoCs
-
Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs. 1 IoCs
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers 1 IoCs
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\17f929c1d40a7fd6f897c0b15ca9c44b2059cbccb3037c31619d87954659478e.exe"C:\Users\Admin\AppData\Local\Temp\17f929c1d40a7fd6f897c0b15ca9c44b2059cbccb3037c31619d87954659478e.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 922⤵
- Program crash
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2224-0-0x00000000001D0000-0x0000000000218000-memory.dmpFilesize
288KB