e1f803990bc9fd5f000369f7deb247f22c8ee98c5abdb06b4201414fb27dfe88

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 22:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1dfdbcf8e006c7a45c4577f09575615c.exe
Size

1.3MB
MD5

1dfdbcf8e006c7a45c4577f09575615c
SHA1

4b371875c59fc5cf8376cad0dce76b3ef24358d5
SHA256

e1f803990bc9fd5f000369f7deb247f22c8ee98c5abdb06b4201414fb27dfe88
SHA512

f900aa648c15ce65f60e607217b0276b4d67196210d153fcca494ab0dce16bc949f98aa84264243447e1036dbabd7f47f3b1a3b922e4ca0c53721ca0ec6a5818
SSDEEP

24576:4DGD444f/3Q+M2pOlZ0vFhmml8hm8h171dQSZEtsG44s3af5lF4sK986umXhcZ:fwVmlytAmy3OS2eGM3aBb46bmxcZ

Score

7^/10

spyware stealer

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2252	1dfdbcf8e006c7a45c4577f09575615c.exe
2252	1dfdbcf8e006c7a45c4577f09575615c.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\1dfdbcf8e006c7a45c4577f09575615c.exe
"C:\Users\Admin\AppData\Local\Temp\1dfdbcf8e006c7a45c4577f09575615c.exe"
1⤵
- Loads dropped DLL
PID:2252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsy6634.tmp

Filesize
340B

MD5
cac4525a2ec563eef14f9c6f41c65d03

SHA1
8176b402b6878703000c99062cc1a999c736a8d4

SHA256
8cda9c97c4f11540d863ed30c8204ba9415b63b6003e6ffc6d9011a6afa7d344

SHA512
3c1331c36dcc3633366ae31b3847f17aa59624b9ca208336607f39aeb9209374103b2023c265637260bda8510555a322cfc79b6c83e12c1de9c036b549122bf1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\gs93vx4e.Admin\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\install.rdf

Filesize
1KB

MD5
0830a5b7b3ff70269e36c7fa1450df32

SHA1
7acb989b1d9c93c71a803f74b0a11e34841b5348

SHA256
e045a7cc1eb332289769b1b8a5f3c6fa92cca4a31607e1e86b3b2fc654082618

SHA512
0701a75e9c85cd0a8225e0d4c9b632992fc7873f91196f0db6213304f092a6fbb20a664171c1e29300700e96d5031a4299cb847e302428800e5811b88906579c

Download Submit
\Users\Admin\AppData\Local\Temp\nso6421.tmp\ZipDLL.dll

Filesize
163KB

MD5
2dc35ddcabcb2b24919b9afae4ec3091

SHA1
9eeed33c3abc656353a7ebd1c66af38cccadd939

SHA256
6bbeb39747f1526752980d4dbec2fe2c7347f3cc983a79c92561b92fe472e7a1

SHA512
0ccac336924f684da1f73db2dd230a0c932c5b4115ae1fa0e708b9db5e39d2a07dc54dac8d95881a42069cbb2c2886e880cdad715deda83c0de38757a0f6a901

Download Submit