Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24/12/2023, 22:00

General

  • Target

    14383da54e2eee5090ae777d3c38bb3b.exe

  • Size

    910KB

  • MD5

    14383da54e2eee5090ae777d3c38bb3b

  • SHA1

    ad679837ddb1138a8f065b537916d487df959e58

  • SHA256

    208784f4cd74fd614325a22aa3cfdc54c0a05af92d0763a88d5e00ca143fadef

  • SHA512

    7fa0316342867587552860bfb8a091a392e41a62a806c93eb08009b29da81dde680ec2e40e4eca463744e2991bb4bee46bd9d86c22bd93b950ef92149f8e0b93

  • SSDEEP

    12288:uEuzhqYUV/xYymN+1E1mclkjtx+ZMNns++6FLn/CldjKJAKETqA:uFNc2vN+YEjtiGFTFLKldj0lE9

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 38 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\14383da54e2eee5090ae777d3c38bb3b.exe
    "C:\Users\Admin\AppData\Local\Temp\14383da54e2eee5090ae777d3c38bb3b.exe"
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:228
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 3476
      2⤵
      • Program crash
      PID:3516
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 228 -ip 228
    1⤵
      PID:732
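The two WerFault.exe instances above both point back at PID 228 through their `-p` argument, but the report only shows one of them (PID 3516) nested under the crashing sample; PID 732 is listed at the top level. The following Python is an added example, not part of the sandbox report, that rebuilds the tree from the indentation depth shown in the report, parses each WerFault command line, and says which process crashed and whether the reporter is actually a child of it. The rows are transcribed from this page; the meanings assumed for `-u`, `-s`, `-pss` and `-ip` are labelled as assumptions in the code (only `-p` = faulting PID is relied on).

```python
"""Correlate WerFault.exe launches in a sandbox process tree with the crashing
process.  Added example; the rows in REPORT_TREE are transcribed from the report.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# (depth, pid, command line, signature tags) exactly as the report lists them.
REPORT_TREE = [
    (1, 228, r'"C:\Users\Admin\AppData\Local\Temp\14383da54e2eee5090ae777d3c38bb3b.exe"',
     ["Loads dropped DLL", "Modifies Internet Explorer settings",
      "Suspicious use of SetWindowsHookEx"]),
    (2, 3516, r"C:\Windows\SysWOW64\WerFault.exe -u -p 228 -s 3476", ["Program crash"]),
    (1, 732, r"C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 228 -ip 228", []),
]

# Assumption: these WerFault switches take a value; -p is the faulting PID.
# -s / -ip / -pss are carried through untouched and not interpreted here.
VALUED_FLAGS = {"-p", "-s", "-ip"}


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    depth: int
    parent: Optional[int] = None
    tags: List[str] = field(default_factory=list)


def parse_werfault_args(cmdline: str) -> Dict[str, str]:
    """Split a WerFault command line into {flag: value}; bare flags map to ''."""
    toks = cmdline.split()
    args: Dict[str, str] = {}
    i = 1  # skip the image path
    while i < len(toks):
        flag = toks[i].lower()
        if flag in VALUED_FLAGS and i + 1 < len(toks):
            args[flag] = toks[i + 1]
            i += 2
        else:
            args[flag] = ""
            i += 1
    return args


def crashed_pid(cmdline: str) -> Optional[int]:
    """PID the WerFault instance is reporting on (-p, falling back to -ip)."""
    args = parse_werfault_args(cmdline)
    for key in ("-p", "-ip"):
        if args.get(key, "").isdigit():
            return int(args[key])
    return None


def build_tree(rows) -> List[Proc]:
    """Reconstruct parent links from the report's nesting depth (1 = top level)."""
    procs: List[Proc] = []
    stack: List[tuple] = []  # (depth, pid) of open ancestors
    for depth, pid, cmdline, tags in rows:
        while stack and stack[-1][0] >= depth:
            stack.pop()
        parent = stack[-1][1] if stack else None
        image = cmdline.split()[0].strip('"').rsplit("\\", 1)[-1]
        procs.append(Proc(pid, image, cmdline, depth, parent, list(tags)))
        stack.append((depth, pid))
    return procs


def correlate_crashes(procs: List[Proc]) -> List[dict]:
    """For every WerFault.exe, resolve the crashed process and check lineage."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        if p.image.lower() != "werfault.exe":
            continue
        target = crashed_pid(p.cmdline)
        findings.append({
            "werfault_pid": p.pid,
            "crashed_pid": target,
            "crashed_image": by_pid[target].image if target in by_pid else None,
            # A top-level WerFault that still names the sample is expected: the
            # second instance is normally started by the WER service, not by the
            # crashing process itself (assumption, consistent with this report).
            "is_child_of_target": p.parent == target,
        })
    return findings


if __name__ == "__main__":
    for f in correlate_crashes(build_tree(REPORT_TREE)):
        print(f)
```

Run it and both WerFault rows resolve to PID 228 (the sample); only PID 3516 is its direct child, which matches the "Program crash" tag sitting on that row and not on PID 732.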

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsm4B82.tmp\FDMClient.dll

    Filesize

    98KB

    MD5

    d51a638c89fa5be92a87a1eb910078d6

    SHA1

    34a0f17a71a4a9db3869da8258e4dc2d9e8696f4

    SHA256

    49bb5484a59fb9fa975bff6b211f689b20b9aca4ac26ccc128ec260906dd7527

    SHA512

    23390235567ff575681b02d84ed4ce7b4fe29a3b23c54750efac5e7acd703f031d46ed837ba8eb6be3e84d176906753096bc8f479fe4ebe05f0c9a1e65e167e2

  • C:\Users\Admin\AppData\Local\Temp\nsm4B82.tmp\FDMClient.dll

    Filesize

    222KB

    MD5

    67613f043910d779593d21ba98a3d1f8

    SHA1

    860f322825883cdcc0d967ac6769ac8be7371a71

    SHA256

    1f07a92f8f02857d11bab6577992a690e1900eda53998c133609f0cd9146b2d1

    SHA512

    389f824c03795bb28f465d0b48a35e110a88a5c710e229f13507b73b1a6db1f1a867400ca73598897770084890caddd3e7321e104fc716472a92cd707eda9a31

  • C:\Users\Admin\AppData\Local\Temp\nsm4B82.tmp\Failed.htm

    Filesize

    5KB

    MD5

    dc97ff133e028759df5f5cb1614252b4

    SHA1

    67ab60e8bf101176f62007558a4063deb5b0f993

    SHA256

    31126e10bb189aa23ad62f61dbe8ac09abdc47c4065a44fac97918da5bbc14c6

    SHA512

    2102a8508175bd387aa75388a56b66e97558ea855a57a195ea5d2786661176018a796ec5d5ffaa86dcdd5d8b560ad1f998138c3382a8a90715136886ffbccb88

  • C:\Users\Admin\AppData\Local\Temp\nsm4B82.tmp\System.dll

    Filesize

    17KB

    MD5

    62008374a494afeea2ee2ae9eee4c8c0

    SHA1

    94808fcf0748c437f4d7ffa4d540e054cb014fab

    SHA256

    9c4affddfa97b268b07c00ac28a2fe617dda806bf55088ccf348da149ee76c1a

    SHA512

    f584ed647b69ff8ff80450be8f0b267ebb3c97826dbf01d078165ea94b43afd1f00fc58b91d9e8f4d78465d70312c1b1a6ac66583ebdc009b0ce471a6cf149a0

  • C:\Users\Admin\AppData\Local\Temp\nsm4B82.tmp\webapphost.dll

    Filesize

    93KB

    MD5

    686f188e12912f4476ed574af668803a

    SHA1

    a40b65e65fd8e025a439683be899da0fe4f59870

    SHA256

    d95377e8f03605bb066bbb23e0b79123c222154873a2fdc7979b3991cfb248f9

    SHA512

    23ddcc9ef3946711c6e54ff7edb3a12cd4155adfe5d4721e1a19305a4aae078291c5e8e617a5d292c77e3784b0088f50324f09e784527d70ff81b17b1ab564bd

  • C:\Users\Admin\AppData\Local\Temp\nsm4B82.tmp\webapphost.dll

    Filesize

    86KB

    MD5

    607f9bbc58dc05589a106cdfd86429b9

    SHA1

    8b2783bdb36be9d8bc4fd6c2b9d862d51519bf89

    SHA256

    79789f5f50aefb54481377e1658c7b39035d5f1f20959399d3eab1573e9c4da4

    SHA512

    dfb981ac01a526350bf3581c62b7b73ba27cad7e2a5d2d0d1e62083bd759ce52cbd858a8c940805893f735355e6302666885a508a3832c84ce8bdfa1e4e0f6b3