c7c202d36c0738460448b6ec0024ac22e758d8779e825cda873c789d8bbbec91

Analysis

Target

flow Encrypt.exe
Size

889KB
MD5

b3f3ad747c386cc087dc96bcfaad02d2
SHA1

34a7d4f24f481b9cd2f1cc9fc7dbd8d61f0f69d2
SHA256

c7c202d36c0738460448b6ec0024ac22e758d8779e825cda873c789d8bbbec91
SHA512

5282cd5dc96e03e1e1327a885b67352ebdbe7d02d7f0c16f875eb7db2f492b39c5a96f25039065b081ab81d54ccf86b879f458b31bc688a503886786be22b76e

Score

7^/10

spyware

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware

Data from Local System
T1005

Credentials in Files
T1081

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.flowEncryption	flow Encrypt.exe

Drops file in Windows directory 13 IoCs

description	ioc	Process
File created	C:\Windows\hh.exe.flowEncryption	flow Encrypt.exe
File created	C:\Windows\mib.bin.flowEncryption	flow Encrypt.exe
File created	C:\Windows\msdfmap.ini.flowEncryption	flow Encrypt.exe
File created	C:\Windows\PFRO.log.flowEncryption	flow Encrypt.exe
File created	C:\Windows\bfsvc.exe.flowEncryption	flow Encrypt.exe
File created	C:\Windows\bootstat.dat.flowEncryption	flow Encrypt.exe
File created	C:\Windows\fveupdate.exe.flowEncryption	flow Encrypt.exe
File created	C:\Windows\HelpPane.exe.flowEncryption	flow Encrypt.exe
File created	C:\Windows\notepad.exe.flowEncryption	flow Encrypt.exe
File created	C:\Windows\Professional.xml.flowEncryption	flow Encrypt.exe
File created	C:\Windows\regedit.exe.flowEncryption	flow Encrypt.exe
File created	C:\Windows\DtcInstall.log.flowEncryption	flow Encrypt.exe
File created	C:\Windows\explorer.exe.flowEncryption	flow Encrypt.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact