e03b0e9c4116eac3ce7b49771e56c821aa6aee6fd9d700879351c8c0bbfed023

Analysis

max time kernel
222s
max time network
231s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 13:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e03b0e9c4116eac3ce7b49771e56c821aa6aee6fd9d700879351c8c0bbfed023.exe
Size

208KB
MD5

c8645d1411b6f73cff6a253765f260d6
SHA1

72faa931160f369471a8c86ab6ca2350a29de65a
SHA256

e03b0e9c4116eac3ce7b49771e56c821aa6aee6fd9d700879351c8c0bbfed023
SHA512

cd55b73c13d1d1dfe87939038828ed2ad9a1a41a786c0a3229c30caa2e6dd16640af35c423bb76d5ada11386abc3935a932910e1883218b0c35f497f186db4bc
SSDEEP

3072:o9hdNcIwlxTqw6RuW5Qw+e3UTznD/bGBCf1WC6va0cdRF38FRZRU8OHtJ/iOTiGJ:oZ6IxwfWuwPk/uBCz7b+GyC/8s

Score

7^/10

spyware stealer

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4012	e03b0e9c4116eac3ce7b49771e56c821aa6aee6fd9d700879351c8c0bbfed023.exe
4012	e03b0e9c4116eac3ce7b49771e56c821aa6aee6fd9d700879351c8c0bbfed023.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\e03b0e9c4116eac3ce7b49771e56c821aa6aee6fd9d700879351c8c0bbfed023.exe
"C:\Users\Admin\AppData\Local\Temp\e03b0e9c4116eac3ce7b49771e56c821aa6aee6fd9d700879351c8c0bbfed023.exe"
1⤵
- Loads dropped DLL
PID:4012

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsvA104.tmp\System.dll

Filesize
16KB

MD5
991d09235944414ae51be4dd7611f7f7

SHA1
b34d6b0ccb1013ddb5c2eb80f02b03a2b893911b

SHA256
3f13314bb93a92748e3a08f47e23b3206196a6c7e59f7aee3382a601b8c3e366

SHA512
63ccdb59b7f7a940bd93fb0a4f9cf3c15a25e4a7ee0468d6c2072ebbfebe23d3a21f11148587c904acf58064ed576f460beeb90fac5af79235624b1679c4da38

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsvA104.tmp\nsDialogs.dll

Filesize
11KB

MD5
0c7b5ed8d024133f937fbf9b8109bf41

SHA1
0cbea8cc65a927ac2d67b2f7fa7e887d4d2a9298

SHA256
62df4a84ebf07a467ad59f1ce9bd635ce819aff8e181bab5e99eb8ff3ed8e2d6

SHA512
e79f4881f0cfbf3af4411e57a03c76dc5e08672df69c4c1edc852cf77d5aec53b2e08e5218e2372b86e4743c844fac57a968464fdad5d694228b009a9a7b4dd3

Download Submit