e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5

General

Target

e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
Size

55KB
MD5

821883525833df75c30d68584716f6fd
SHA1

59f8739daa99175ae2a20e38048b1a5d3c5f039a
SHA256

e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5
SHA512

d457be30bc2231490e5d430c4eb545a9ef6c1f7bb3c393f28107faab4219d309c190592080aca9ef649a15ef78ddebf0d4f092b4988501b0177e18eb19386ef0

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Drops desktop.ini file(s) 26 IoCs

Processes:

e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe

description	ioc	process
File opened for modification	C:\Users\Public\AccountPictures\desktop.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\desktop.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Users\Public\desktop.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe

Drops file in Program Files directory 64 IoCs

Processes:

e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe

description	ioc	process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\zh-tw\Open Me!.hta	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\organize.svg	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-white\MedTile.scale-200_contrast-white.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1612.10312.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\InsiderHubSplashWideTile.scale-100_contrast-black.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\HxCalendarLargeTile.scale-400.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.10252.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\AppPackageLargeTile.scale-125_contrast-white.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-36_altform-unplated.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-GoogleCloudCache-Light.scale-140.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GADUGIB.TTF	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\de-de\Open Me!.hta	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\Assets\AlarmsBadge.contrast-white_scale-200.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\PopUp\Pop_up_Error.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\mso30imm.dll	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\GenericMailMediumTile.scale-150.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\large\pk_60x42.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-white\SmallTile.scale-100.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.People_10.1.10531.0_x64__8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.targetsize-64.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\images\Back-48.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\tr-tr\Open Me!.hta	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\sv-se\ui-strings.js	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxSmallTile.scale-125.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ko-kr\Open Me!.hta	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-40_altform-unplated.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\3.jpg	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\de-de\ui-strings.js	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\eu-es\ui-strings.js	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\2875_40x40x32.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Messaging_3.26.24002.0_neutral_split.scale-150_8wekyb3d8bbwe\Assets\starttile.dualsim2.scale-150.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\Open Me!.hta	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-white\LargeTile.scale-200.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\1725_40x40x32.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\5372_32x32x32.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_11.8.204.0_neutral_split.scale-125_kzf8qxf38zg5c\AppxManifest.xml	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryNewsletter.dotx	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ui-strings.js	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\3009_40x40x32.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarSmallTile.scale-100.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\VVIEWRES.DLL	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\1849_20x20x32.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\large\na_60x42.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbwe\mso20imm.dll	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe\TEE\fr-FR.Messaging.config	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe\resources.pri	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\vlc.mo	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\Open Me!.hta	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\css\main-selector.css	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\HowToPlay\StarClub\Help_3_2.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\images\example_icons.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\plugin.js	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\6440_48x48x32.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-20_altform-unplated_contrast-white.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\models\en-US.PhoneNumber.ot	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\Tiles\create-new-theme.jpg	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\HintBarEllipses.16.White@3x.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\ThemeCreation\themes_page_menu_button.jpg	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSOADFPS.DLL	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\HintBarEllipses.16.White.png	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\salesforce.ini	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\Open Me!.hta	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-private-l1-1-0.dll	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7ES.DLL	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN020.XML	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.OneConnect_2.1701.277.0_x64__8wekyb3d8bbwe\OneConnect.dll	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\fr-fr\Open Me!.hta	e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe

C:\Users\Admin\AppData\Local\Temp\e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe
"C:\Users\Admin\AppData\Local\Temp\e6fae4d52ed5450e44b6c16ce80abf4e63cdc25d3e4fc4f55c220cc1b740c2f5.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2848

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads