208784f4cd74fd614325a22aa3cfdc54c0a05af92d0763a88d5e00ca143fadef

General

Target

14383da54e2eee5090ae777d3c38bb3b.exe
Size

910KB
MD5

14383da54e2eee5090ae777d3c38bb3b
SHA1

ad679837ddb1138a8f065b537916d487df959e58
SHA256

208784f4cd74fd614325a22aa3cfdc54c0a05af92d0763a88d5e00ca143fadef
SHA512

7fa0316342867587552860bfb8a091a392e41a62a806c93eb08009b29da81dde680ec2e40e4eca463744e2991bb4bee46bd9d86c22bd93b950ef92149f8e0b93
SSDEEP

12288:uEuzhqYUV/xYymN+1E1mclkjtx+ZMNns++6FLn/CldjKJAKETqA:uFNc2vN+YEjtiGFTFLKldj0lE9

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	14383da54e2eee5090ae777d3c38bb3b.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main	14383da54e2eee5090ae777d3c38bb3b.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	14383da54e2eee5090ae777d3c38bb3b.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\14383da54e2eee5090ae777d3c38bb3b.exe = "11000"	14383da54e2eee5090ae777d3c38bb3b.exe
Key created	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	14383da54e2eee5090ae777d3c38bb3b.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	14383da54e2eee5090ae777d3c38bb3b.exe

Suspicious use of SetWindowsHookEx 38 IoCs

pid	Process
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe
888	14383da54e2eee5090ae777d3c38bb3b.exe

C:\Users\Admin\AppData\Local\Temp\14383da54e2eee5090ae777d3c38bb3b.exe
"C:\Users\Admin\AppData\Local\Temp\14383da54e2eee5090ae777d3c38bb3b.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsd82D.tmp\Failed.htm

Filesize
5KB

MD5
dc97ff133e028759df5f5cb1614252b4

SHA1
67ab60e8bf101176f62007558a4063deb5b0f993

SHA256
31126e10bb189aa23ad62f61dbe8ac09abdc47c4065a44fac97918da5bbc14c6

SHA512
2102a8508175bd387aa75388a56b66e97558ea855a57a195ea5d2786661176018a796ec5d5ffaa86dcdd5d8b560ad1f998138c3382a8a90715136886ffbccb88

Download Submit
\Users\Admin\AppData\Local\Temp\nsd82D.tmp\System.dll

Filesize
17KB

MD5
62008374a494afeea2ee2ae9eee4c8c0

SHA1
94808fcf0748c437f4d7ffa4d540e054cb014fab

SHA256
9c4affddfa97b268b07c00ac28a2fe617dda806bf55088ccf348da149ee76c1a

SHA512
f584ed647b69ff8ff80450be8f0b267ebb3c97826dbf01d078165ea94b43afd1f00fc58b91d9e8f4d78465d70312c1b1a6ac66583ebdc009b0ce471a6cf149a0

Download Submit

Analysis

Sharing