6f240ddeca65d27311b0d3f30507bd9f4406a503fe821ef4e2e77704e20d6d7d

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 04:37

Target

6f240ddeca65d27311b0d3f30507bd9f4406a503fe821ef4e2e77704e20d6d7d.exe
Size

9.0MB
MD5

5b6c1c97499114d776600baf3d0103bd
SHA1

bf08f8c77359ce82b4cce0d74b1a8616d6b54d25
SHA256

6f240ddeca65d27311b0d3f30507bd9f4406a503fe821ef4e2e77704e20d6d7d
SHA512

01919611470290654b2fcc186466f93fa971677ae718ad88ec631d8ea4267f39fc1cbadd9ca5d71d6541994038e57f47ee5db48ddbbc032a2ad97a42a77af796
SSDEEP

196608:nrJcDKlFBqyzwDxURK8vyqByLdlf3hRQIgLKN:rODKlFBqywayOclfhRQIG2

Score

7^/10

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

6f240ddeca65d27311b0d3f30507bd9f4406a503fe821ef4e2e77704e20d6d7d.exe

pid process

1644 6f240ddeca65d27311b0d3f30507bd9f4406a503fe821ef4e2e77704e20d6d7d.exe
1644 6f240ddeca65d27311b0d3f30507bd9f4406a503fe821ef4e2e77704e20d6d7d.exe

pid	process
1644	6f240ddeca65d27311b0d3f30507bd9f4406a503fe821ef4e2e77704e20d6d7d.exe
1644	6f240ddeca65d27311b0d3f30507bd9f4406a503fe821ef4e2e77704e20d6d7d.exe

C:\Users\Admin\AppData\Local\Temp\6f240ddeca65d27311b0d3f30507bd9f4406a503fe821ef4e2e77704e20d6d7d.exe
"C:\Users\Admin\AppData\Local\Temp\6f240ddeca65d27311b0d3f30507bd9f4406a503fe821ef4e2e77704e20d6d7d.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1644

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance