786bcf5ae86212846b8c3253e08544ae10a4d68079d6783cff3df3627686d98f

Analysis

max time kernel
1s
max time network
3s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 20:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0feb80b5d732361c5c1dfc46fb470e7f.exe
Size

445KB
MD5

0feb80b5d732361c5c1dfc46fb470e7f
SHA1

242877a3f2ff93afee5d5323e38c73f41dd09591
SHA256

786bcf5ae86212846b8c3253e08544ae10a4d68079d6783cff3df3627686d98f
SHA512

6788f0ef4d845fabf7ef30cf47b02fceeccabd6d59299ccbe7692ab3d71934978fbca9aff23775efd334488c76424b5073ccb005699f480940efbffeb1b3c697
SSDEEP

12288:trGdDJCQRGj2S7hW1DJPtCeL+a1Rjx09R31sHgkOKNPjYWF:trsDpUg1DRtxL+aTV6F2gkOKdD

Score

7^/10

spyware stealer

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
2428	0feb80b5d732361c5c1dfc46fb470e7f.exe
2428	0feb80b5d732361c5c1dfc46fb470e7f.exe
2428	0feb80b5d732361c5c1dfc46fb470e7f.exe
2428	0feb80b5d732361c5c1dfc46fb470e7f.exe
2428	0feb80b5d732361c5c1dfc46fb470e7f.exe
2428	0feb80b5d732361c5c1dfc46fb470e7f.exe
2428	0feb80b5d732361c5c1dfc46fb470e7f.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Easy PDF Reader\icon.ico	0feb80b5d732361c5c1dfc46fb470e7f.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\0feb80b5d732361c5c1dfc46fb470e7f.exe
"C:\Users\Admin\AppData\Local\Temp\0feb80b5d732361c5c1dfc46fb470e7f.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:2428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsd4175.tmp\GetVersion.dll

Filesize
6KB

MD5
5264f7d6d89d1dc04955cfb391798446

SHA1
211d8d3e7c2b2f57f54a11cb8bc4fa536df08acc

SHA256
7d76c7dd8f7cd5a87e0118dacb434db3971a049501e22a5f4b947154621ab3d4

SHA512
80d27ee2f87e2822bd5c8c55cc3d1e49beebb86d8557c92b52b7cbea9f27882d80e59eefa25e414eecee268a9a6193b6b50b748de33c778b007cde24ef8bcfb7

Download Submit
\Users\Admin\AppData\Local\Temp\nsd4175.tmp\Math.dll

Filesize
66KB

MD5
b140459077c7c39be4bef249c2f84535

SHA1
c56498241c2ddafb01961596da16d08d1b11cd35

SHA256
0598f7d83db44929b7170c1285457b52b4281185f63ced102e709bf065f10d67

SHA512
fbcb19a951d96a216d73b6b3e005338bbb6e11332c6cc8c3f179ccd420b4db0e5682dc4245bd120dcb67bc70960eab368e74c68c7c165a485a12a7d0d8a00328

Download Submit
\Users\Admin\AppData\Local\Temp\nsd4175.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsd4175.tmp\md5dll.dll

Filesize
8KB

MD5
a7d710e78711d5ab90e4792763241754

SHA1
f31cecd926c5d497aba163a17b75975ec34beb13

SHA256
9b05dd603f13c196f3f21c43f48834208fed2294f7090fcd1334931014611fb2

SHA512
f0ca2d6f9a8aeac84ef8b051154a041adffc46e3e9aced142e9c7bf5f7272b047e1db421d38cb2d9182d7442bee3dd806618b019ec042a23ae0e71671d2943c0

Download Submit
\Users\Admin\AppData\Local\Temp\nsd4175.tmp\nsisos.dll

Filesize
5KB

MD5
69806691d649ef1c8703fd9e29231d44

SHA1
e2193fcf5b4863605eec2a5eb17bf84c7ac00166

SHA256
ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

SHA512
5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

Download Submit
memory/2428-13-0x0000000002FF0000-0x000000000300A000-memory.dmp

Filesize
104KB

Download