Analysis
max time kernel: 7s
max time network: 9s
platform: windows11-21h2_x64
resource: win11-20240611-en
resource tags: arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 30-06-2024 17:10
General
Target: d014-9a13-4c86.exe
Size: 17.9MB
MD5: 32cfd0d80dbf54fb63c6dd5fd84b517d
SHA1: 9aa2737687ba0b936169a021e70f9848422b376b
SHA256: af2022deb3462d47b4025847e614115f08b376371d2dfc9d8dcb78e8e174f214
SHA512: 4ffa13249e572d90566dc8bb1fed283e3e9b4cca52d6d81eafdfec2e0908a91e0d4ad750bbe42781e151e6b806bb5078a436f074d1bc4b0cef76e059d7ee7b72
SSDEEP: 393216:M+toHd5NJJl/Iu3MrNu6bC49N+ggHXxodvet/UfCZ6NoL:Mrd5zJl/Iu3MrNtb9+ggHXxEvetcKQNs
Malware Config
Signatures

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials, etc.
Processes:
  resource                                                                    yara_rule
  behavioral1/memory/864-7-0x0000000140000000-0x0000000142417000-memory.dmp   vmprotect
  behavioral1/memory/864-9-0x0000000140000000-0x0000000142417000-memory.dmp   vmprotect

Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoC)
Processes:
  pid   process
  864   d014-9a13-4c86.exe

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes:
  description         ioc                                                                              process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                 d014-9a13-4c86.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString   d014-9a13-4c86.exe

Suspicious behavior: EnumeratesProcesses (64 IoCs)
Processes:
  pid   process
  864   d014-9a13-4c86.exe
  (the same pid/process entry is listed 64 times)

Suspicious use of SetWindowsHookEx (1 IoC)
Processes:
  pid   process
  864   d014-9a13-4c86.exe
Downloads
  memory/864-0-0x0000000140319000-0x000000014122D000-memory.dmp   Filesize: 15.1MB
  memory/864-2-0x00007FFE39300000-0x00007FFE39302000-memory.dmp   Filesize: 8KB
  memory/864-1-0x00007FFE392F0000-0x00007FFE392F2000-memory.dmp   Filesize: 8KB
  memory/864-7-0x0000000140000000-0x0000000142417000-memory.dmp   Filesize: 36.1MB
  memory/864-8-0x0000000140319000-0x000000014122D000-memory.dmp   Filesize: 15.1MB
  memory/864-9-0x0000000140000000-0x0000000142417000-memory.dmp   Filesize: 36.1MB