Analysis
-
max time kernel
115s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
31/10/2024, 00:44
General
-
Target
6d13164d53d8fd58b5eefa57a6e6dd6da2335c986ce7b8562184ca4d2a2043c5.exe
-
Size
2.1MB
-
MD5
1bbd6849abd2549ab2979f9c257c1562
-
SHA1
86df4c9647157c24c7529702224597f1c4540fbb
-
SHA256
6d13164d53d8fd58b5eefa57a6e6dd6da2335c986ce7b8562184ca4d2a2043c5
-
SHA512
cf750badebedf75456a3680f6dedea07b80842e6efa12620574bf34aa6171a7c1f82aa444515a905e6f8ded975616de1137de4a27ef168633a4266355e2465d4
-
SSDEEP
49152:649dU9nTEhaR59l1OzQXsRNyOr7YuDwebnsI63/0Vbn1dF2npqO1uJr:B9dU9n+K5jozQXCyOrYebAv0VZ2nT1uB
Malware Config
Signatures
-
Detect Neshta payload 7 IoCs
-
Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
-
Neshta family
-
Executes dropped EXE 3 IoCs
-
Loads dropped DLL 10 IoCs
-
Modifies system executable filetype association 2 TTPs 1 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Modifies registry class 15 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 23 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6d13164d53d8fd58b5eefa57a6e6dd6da2335c986ce7b8562184ca4d2a2043c5.exe"C:\Users\Admin\AppData\Local\Temp\6d13164d53d8fd58b5eefa57a6e6dd6da2335c986ce7b8562184ca4d2a2043c5.exe"1⤵
- Loads dropped DLL
- Modifies system executable filetype association
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3582-490\6d13164d53d8fd58b5eefa57a6e6dd6da2335c986ce7b8562184ca4d2a2043c5.exe"C:\Users\Admin\AppData\Local\Temp\3582-490\6d13164d53d8fd58b5eefa57a6e6dd6da2335c986ce7b8562184ca4d2a2043c5.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-GSF9M.tmp\6d13164d53d8fd58b5eefa57a6e6dd6da2335c986ce7b8562184ca4d2a2043c5.tmp"C:\Users\Admin\AppData\Local\Temp\is-GSF9M.tmp\6d13164d53d8fd58b5eefa57a6e6dd6da2335c986ce7b8562184ca4d2a2043c5.tmp" /SL5="$5010A,1673388,498688,C:\Users\Admin\AppData\Local\Temp\3582-490\6d13164d53d8fd58b5eefa57a6e6dd6da2335c986ce7b8562184ca4d2a2043c5.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\PasswordFolder\PasswordFolder.exe"C:\Program Files (x86)\PasswordFolder\PasswordFolder.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://passwordfolder.net/4⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:272 CREDAT:275457 /prefetch:25⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
547KB
MD5cf6c595d3e5e9667667af096762fd9c4
SHA19bb44da8d7f6457099cb56e4f7d1026963dce7ce
SHA256593e60cc30ae0789448547195af77f550387f6648d45847ea244dd0dd7abf03d
SHA512ff4f789df9e6a6d0fbe12b3250f951fcf11e857906c65e96a30bb46266e7e1180d6103a03db2f3764e0d1346b2de7afba8259ba080057e4a268e45e8654dfa80
-
Filesize
471B
MD54f6113d3b0a55e36ca5fb434dc9e6470
SHA1c2189d19b74fbf0358e2dc4616cc23f716c48298
SHA2562c87bbcaee868c6e80e422441d76a98fa293d6f26f8b4bbbd36f7db33dc9df22
SHA5129af9f43d5b32e80e797fcbc6337450b39454490b6e7afb114e6aac89afe4246cd89012728cb36f594111ebc93d3de8c1d74eadd260bfcff5dffaeb58271a400a
-
Filesize
342B
MD5f44a96ebda57a51419a993767f301a32
SHA182b2c759bf2c0195bda77d7c9fc8ac00807352c2
SHA2564b039704784dce8e2cfbcf3e3ac9c8b5229f77adb1747df17cc47f716bf9a8d8
SHA5125e2e89098622460146938bf5652cf1ee4d28c402ff7374f086af695773d620dcd5c2f9c4b31828f45dce18cbfd681a773a6eb9e75cddccb02d3f971c6d3e8147
-
Filesize
342B
MD5233b76137ff5ffc23fd9c3f90acef7d2
SHA139a816df5b143c2e20ca1126477fa86a68007cdd
SHA2566c15815dc250cec2cc1560410713e216020c62837f405660504dd9b358486dd8
SHA5123b268b7ad09377221d2aa8b41de0bc13fbeadbed9b7524f1e062ed190ca1bc436a7672047ce5f2473568f3f3bc05cef085cbdc8f46883f33c91c4d2cef5e40fe
-
Filesize
342B
MD572264985ca21329404bea499315a091c
SHA12ca050197c62a3c6333ce44cbaae3eee17bd34a5
SHA2565b65546334638c7c4b5f7aa627e979a2a7d979c68f5679d6c7e1ce38a377a286
SHA51283b99d8bd6a3437f812a8203dd98e7e05a2638b0b9b048b11d071b49af1c383c4d2c00bd92da2a05e4ee29282091e20852c21d34f228ec7e4fabff5a48ec80f1
-
Filesize
342B
MD5e06ed7df288458c494da782d896e4d70
SHA1bfa9f8e44772be97b411e50ebc4da9f8458d3656
SHA256ccae74886f218f29422afa2c103e4153c33dbdf65c0114808f3280781aacb91f
SHA5126a87e678eaf5560c984dadc010cde13af339453c35bf43df5ad344856d61c412e172bd7465e18f5fe25296fa72adcf4a82b69bca9739fdd9d7aad93fc741b0fb
-
Filesize
342B
MD5ccf61aaca133677359ddb945a78cb8c7
SHA1504117182427fc85b38c9817bd8f3907bcca4a69
SHA2562ed84c5c44c1c570528bc1570a5ed09062dd6362f65babf5a3b3a98142368845
SHA512c85a58fda00650c175a9358f93e28eee97bd7c2684022778718c52e0dd3cb5461275b129264ce2902058486a4c77073593a541e8ca818523a5463802a0440b7c
-
Filesize
342B
MD57382614abd9512c5d6a2d241ae819e99
SHA1e9cf8b70af17cf2d8a652db85ba05437913b0686
SHA256aad55187fbaf4474f4260e4f12f67ca91fe2cfd5030c343d7faf2db49c88a6ff
SHA512eba18257d129e9512e9fd1def8bad3e28e3bd75d362a4ae74bb786aa2ebc49497eefc945d890f37a46a8d0eae1de16aef867212fec1cd0bbb4a988f6637342a9
-
Filesize
342B
MD5bd3f6ffd0431ceb90ec4dbff328c844c
SHA13345b5289610ce1869c1ec514007489c5afcb4c5
SHA256c2e84d00b24f8779300a8f991aca9953e8e882116aff671ba0668884a618c14c
SHA512e3d601745383bc2ad03cb85dec1ce65de6f27b26761a059096e7cd63eac803cf9a80c21d37933bab52f31011c98e18d7e9875a902cf81566d060bf4840d8070e
-
Filesize
342B
MD5a9e7ab53b79704e53094fc42f53a9dcc
SHA1488b1f2fd754a9bd59c831974f7115156fc6b6cf
SHA2562a8030c4a313fb06f454b568d9ba7e8be3f7c611105beacec7cbe82f900ac22e
SHA5125e5a3ae7068c32cbb8935b49e9d6cb0d87a2c4c4375cf958c31a79a28b921e4d56aeaa0a0ae58c337812ae57ca1bb8c1ed08a62407eed5524784cde2523b7eaf
-
Filesize
342B
MD5233915a874102455968aad63029063a9
SHA11e14f32ff4041c557bf0477514b608ee325f3adc
SHA25652cfdfa5d6d4e1229e45a038f7c26df0d99c3ab606c391ec100f45d3d2fd5b54
SHA51256797e1c9a8163a87e888b54ee6592f10c8ac6bcf85a7341d4985f65da69eea38aa93659a50b60277241da76a895f5aa07af99023c8c3e366f840a0d71e321e0
-
Filesize
342B
MD504815f690751957dd8f2d5f3fed2e7ff
SHA188788a5b2621d73a70641d8ade361eb6d4530366
SHA256de031aec3567b1e820936c6207cf91f143869a33baa1d257f62ef20473c5ca40
SHA51276bdc3e8167ab711db0e5ee44986629ddc52a3e121ea370fad012f024f441ea5c0e188deea0eaf5d44cb86ea1131063289efd433c79d5f1fc8f01681a49cfc5c
-
Filesize
342B
MD52f6925b8e7d7fef95b76dcbc14c02587
SHA12e0e9e54c22454e227d29d4e017d98d7db5cdf35
SHA2562a2cf1f8c57993d3a7e0d28f4f820b4bf89e521f8e393ccc6e74f935a33d4aa7
SHA51235f231d18cce10c056f5e9506112be0b6dd9fa61c21e21d17d461e2904490478c48de6ee727c92a714acc1a308b4eabe93b5edc32086f894aabb024ef5a909c7
-
Filesize
342B
MD5d6ccf897fbac6e12f4557aea7a54fa24
SHA19371d7914bd52c2d5424fc1bc1a2324fb411458a
SHA2562efd90102e175c10ce13331e286c567ad57c7be753f7a100e91cabfe34258f67
SHA5129abadc209be4413ab390a4f70c31e4d7fa9eb4e157684ada52e0fdededbdb2d05d9d21f5519b73dc3c6db18c359a50350d9776b8b08bebef4fc3315aa09f439e
-
Filesize
342B
MD5782b0946ef5359a81d344600cfe1dea1
SHA1f45b9ed858eaefb407a9092a8ec1deb12645d27e
SHA25683bed536b56e4c54484a45054078461d69f6e645db32bc11552f0185374eb5e2
SHA51201307afda11df442a417ffb1e39e9189f0b30db7e35163642dca8c4ed39a1a84d02e448effb7316327e734fb82064df2e7db5112800124a2c5e44f180cd737b3
-
Filesize
342B
MD593fce6d1fcd4a9c703c231d624d1c8bc
SHA16382f9b605f73f96e2459a6c8bd07d2f793b8493
SHA2567c0868842208fd0f562a903d5c0aacc04b823c3003b85be5bf3f3cb4da47565c
SHA5122d75036382b4728d427e5cc0f9df67334dd5b103c51e9556334355758b2ba234b285e3014a32c301d7c8c2071dac1aafa1fadf4830efe0ee632623927cf22b25
-
Filesize
342B
MD5007b9d50c7ad9072e0a9c57292ad05d1
SHA1cbf4f0dd3b4956f230a1024af0bba6b5ea3b88d3
SHA2565d6295915a72fddcfd7a3bcead840a55a8fc06d4f0395ba5c2e97e9e77cf2a80
SHA51237d3379d0334207602b7c8ecaf581519bae146bc182eebaaf7393c7bf34fe880aae2b387f5ef92014244910f7f9be636f159d761d38efd36001cbbc7026f1e77
-
Filesize
342B
MD522a7c42a20306285eb78af8c87d3da64
SHA104e8db59bb1a9999c6c091812ec6ac82ef05ca25
SHA2562ffe12c3bc5e3224e128374d20ab47b711738f4b39b26d04aa96481ff5044c85
SHA51234d0464829565ec5c11375eab825674c3dcf69d2e21974cb53b7f6a1a063800de9379fb41df42794217672ddc65089c1961db86d7043bbb5c6399e442e1fdd5a
-
Filesize
342B
MD5106bc5d0a9f4cc3f22e020acd7f858bd
SHA15fd8f520a6de219520c4d2b47e3e73109a744733
SHA2567bdf7e4b6d0b2ae2a8645729f85103625a4c4affcbc0849f37d3268bb25d490d
SHA51267530d8739f6a701e593f3b50825a4415af078c4d6284f1214a67b2b6cf468f9309d1a808710b89560fe5a68c8bb43d13d049e25475e11dbf9efe2c82b5d1342
-
Filesize
342B
MD500e0120a5c07dd7481f93d96b2242f75
SHA1201858f4b6f61e41af564eb5c74d12b7416cf06a
SHA25636f797705dd4b43c82073ea025703b4be3713f517464b71d424f79bdf8211a89
SHA512151070144a166ef99ef39df9d353d872920fbacfe6c4369d2667f734d365b5094c23a374d1b9c1cf1da6e3edae6d06de8e6cac36b5816f69e02e76afa38b81c3
-
Filesize
342B
MD5b23e012a0bb1779e8f75231ef87d5b21
SHA1ce72d37e30a9921c0a3bc1911a25d623a0fa280a
SHA256afff978932524074f72908ebc8d8f7514a8850d091cc3a22b17b9561c61fa76c
SHA512d45016795c67cc085457158aef2f7feb9608eba9b3012aae7745eba11ad9c1c895eedce4b58e85a0dc080bca99da8740f54198d3a7ae2b85ca312d5ada1d2420
-
Filesize
342B
MD5e9149fd7925f6c6b4c69b1c0653ac7a7
SHA164b3f1b0c31f89937ceee411ca46745b75e72ee2
SHA2560f874cd1d36f72f16ef202a77153dd65f6d157990373e761d1b7c3ec58b1fab9
SHA51221bd9adc83e882262f3801c7f5b0b77bd8cbfb10b9a314f505d72e32ec145335e1563d80ff0e4be53fbd5fbb0abfda62ce9ac253eada49896bf667adfc54653f
-
Filesize
402B
MD58086429feb5216ac59a150505a6c7e12
SHA1f563e4a17957dda58bad796d7e895d2ad78e18c4
SHA256bc6653a3c4eedc1f288b6851d40adf3744e00517a3f152fbf5ecc56982631193
SHA512d5fe2aab3d5d78d152705823da2b63e16869428b998f46c2d4d8d416f6ef62fc77e5ec724660ac16a3109cf9f3845050d4d3dfd2f25e9e735993dc382250e752
-
Filesize
3KB
MD5af96b9b28496b87a69a26d23fed726a9
SHA1bf40d5776d860deb1df26955a43e83e56a8fec34
SHA256fbfc8f32e7ab253919097b9d6373e99b29056ac927f9700a7e002b57978da616
SHA512813ff8d0f000e4949ca77d589720e45e476f8f92fd44087854e6945916375d24d201b88c8ce792886844cc163412f680975b6564439b3c601f209ca21ddd9f7b
-
Filesize
2KB
MD560afdfb8ca1bd6b593de8104a46aa46d
SHA123b357da70c50f48f7ed03b55dd12e3fddb79b8b
SHA256c5c30dbf880b73f752d5f25a4500f36637125db048fb1036916c80a8186c3358
SHA512d1146dca9fe62b5ade0bee01c5b45300aa00b9ef9e0f1ed092b1e5de986ed4f3f007a2da7bbe1413bfa13c463bd536a4da5a2a04395e5e7517f94825daa11610
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
2B
MD59cfefed8fb9497baa5cd519d7d2bb5d7
SHA1094b0fe0e302854af1311afab85b5203ba457a3b
SHA256dbd3a49d0d906b4ed9216b73330d2fb080ef2f758c12f3885068222e5e17151c
SHA51241dd75307a2e7c49caf53fff15aada688275ef4d7950bedf028612b73f343ed45cf51fe1d4d27f58ed12e93e0fd0ae7f69428db169211554d1b380c91aa5cd01
-
Filesize
4B
MD505c12a287334386c94131ab8aa00d08a
SHA195c0282573633eb230f5064039e6b359e05e8752
SHA25691c9c3ff310a53f8d179461d9af55371c78b67c38ab030bf9c026693ca495399
SHA51282d732ce4104f893e2afede4151d49d4a797caaf8f69e98349da70645293108633d9a27a9844712a562423c3e589061e99f6a3ab1230a21dd360ab464aef9915
-
Filesize
252KB
MD59e2b9928c89a9d0da1d3e8f4bd96afa7
SHA1ec66cda99f44b62470c6930e5afda061579cde35
SHA2568899b4ed3446b7d55b54defbc1acb7c5392a4b3bc8ec2cdc7c31171708965043
SHA5122ca5ad1d0e12a8049de885b90b7f56fe77c868e0d6dae4ec4b6f3bc0bf7b2e73295cc9b1328c2b45357ffb0d7804622ab3f91a56140b098e93b691032d508156
-
Filesize
6.5MB
MD5b607b7ecfde67e315157acb6e07c7356
SHA1742bd5b6d4c088ae448e37b52f4e5a527c7e1c48
SHA2569cc4e661da1ba49ed321bb04bfbcd251b7078129890dd6e64828dacaddf60865
SHA512566bf8d6f3d0f67e2e186dd34856c8613b28d8ed383e18e2cf423b216e59997d0beffc170e010a1989f513d41826e2fdfde7c59815ed34e31b660f2bff8d5758
-
Filesize
1.5MB
MD5db156483afb8d04889898afa418ecec9
SHA179e2f04d0f202e421941cf835da19d9beb07a7d1
SHA2561cfa04d41a408f4197b0c31b6764a7eb476bb7302d6dac852df4112c757be2f1
SHA51288e6d3bd585f3111592e499fcf9ef85d53f42777c336cbf03a6587e68edb9563edce419972e3cd79043032bdff1b47145fff57d8e7a1972c0688060ab896fe38
-
Filesize
2.1MB
MD53788afab0101919a4de8ffeb9ca1a848
SHA12b12fa7505550d80ac2da12684f3162ddbaa4cd2
SHA2562bd92b48507cd2dac5158d684a122a78442fc413b37ef2657169f872530c74a7
SHA512726a2f8679d5fe0f41c5de9b1077db6f5036919dd590b7df1920c6e43b3bebdb43ed7859e8a8aba890b4b2a216fa554385ac7ee1e5f257cf07d6c2c1b9fd0039
-
Filesize
22KB
MD592dc6ef532fbb4a5c3201469a5b5eb63
SHA13e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA2569884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA5129908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3
-
Filesize
121KB
MD548ad1a1c893ce7bf456277a0a085ed01
SHA1803997ef17eedf50969115c529a2bf8de585dc91
SHA256b0cc4697b2fd1b4163fddca2050fc62a9e7d221864f1bd11e739144c90b685b3
SHA5127c9e7fe9f00c62cccb5921cb55ba0dd96a0077ad52962473c1e79cda1fd9aa101129637043955703121443e1f8b6b2860cd4dfdb71052b20a322e05deed101a4
-
Filesize
1.5MB
MD51cd08277cff9b87bf71727923cd56846
SHA13c093ca141b2a54a9d29f083da03eb2e29343fe2
SHA256dac04b61a5a7f0c32014ae27159c6b6570e672ddd542e75abb79763866ffb937
SHA5128565aeb5e2bf8f19feed147afa2a0532c15d7fda8f3b79d140ff16092a6c4833de97043b6ea11b96901e703aa2cccc30339910d4fa8271b8efbd95946972a6a7
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
108KB
-
Filesize
68KB
-
Filesize
528KB
-
Filesize
528KB
-
Filesize
528KB
-
Filesize
6.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
