Analysis
-
max time kernel
147s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
14-06-2024 13:59
Behavioral task
behavioral1
Sample
81740342d64bc105d369f39bcf23e93f.exe
Resource
win7-20240611-en
10 signatures
150 seconds
General
-
Target
81740342d64bc105d369f39bcf23e93f.exe
-
Size
149KB
-
MD5
81740342d64bc105d369f39bcf23e93f
-
SHA1
4d5d266bc24ed969108c68f794883957a22ae939
-
SHA256
600694fa52aa0bd711a6d564728931380bd29891fdf62c26b1f95224589b78d8
-
SHA512
3be9e90c67ef641b94f81c86344082b63c690e906a1fed7825bb6a0321cd4c8289d8e64e9583897ce832cad137f475e66053ace4d43f2b6a741d33b3709ead91
-
SSDEEP
3072:HemwkmgMXfbtdBE2a/duEx5cLbfu3/XcW5DC2kgZ8YfHcvOgbg8vW/f:HfmgMXfbtdK2a/dh5cLeC2kgZ8YfHcv/
Malware Config
Signatures
-
Detect Xehook Payload 1 IoCs
Processes:
resource yara_rule behavioral2/memory/2396-0-0x0000000000F90000-0x0000000000FBC000-memory.dmp family_xehook -
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
81740342d64bc105d369f39bcf23e93f.exedescription pid process Token: SeDebugPrivilege 2396 81740342d64bc105d369f39bcf23e93f.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2396-0-0x0000000000F90000-0x0000000000FBC000-memory.dmpFilesize
176KB
-
memory/2396-1-0x0000000003030000-0x000000000304A000-memory.dmpFilesize
104KB
-
memory/2396-2-0x00007FF8010B3000-0x00007FF8010B5000-memory.dmpFilesize
8KB
-
memory/2396-3-0x00007FF8010B0000-0x00007FF801B71000-memory.dmpFilesize
10.8MB
-
memory/2396-4-0x00007FF8010B0000-0x00007FF801B71000-memory.dmpFilesize
10.8MB
-
memory/2396-5-0x00007FF8010B0000-0x00007FF801B71000-memory.dmpFilesize
10.8MB