Analysis

  • max time kernel
    132s
  • max time network
    179s
  • platform
    windows7_x64
  • resource
    win7-en-20210920
  • submitted
    20-10-2021 04:49

General

  • Target

    df35eafa746e76296cb1ec6ce92c78214e088097f46cccd35f8dd719ab20f47c.bin.exe

  • Size

    1.6MB

  • MD5

    33c05469421dfa44f77fc7b0ebe6c34a

  • SHA1

    710fc507886ad1515565863773b14422be731b17

  • SHA256

    df35eafa746e76296cb1ec6ce92c78214e088097f46cccd35f8dd719ab20f47c

  • SHA512

    965eb98f09296d6ca0622f7dc635802ea5c5b97bc32fdfac89f027371fdffa4b6cf6b1b34da6fa4a39d6d140e27f2bfd5062d9a3313c4ad90674c0b00e31a0e9

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Modifies registry class 7 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\df35eafa746e76296cb1ec6ce92c78214e088097f46cccd35f8dd719ab20f47c.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\df35eafa746e76296cb1ec6ce92c78214e088097f46cccd35f8dd719ab20f47c.bin.exe"
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1680
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.vibeflog.com/gatasextreme/p/22949550
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:588
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:588 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:524

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence: Browser Extensions (T1176), 1 signature
  • Defense Evasion: Modify Registry (T1112), 2 signatures


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    MD5

    ab5c36d10261c173c5896f3478cdc6b7

    SHA1

    87ac53810ad125663519e944bc87ded3979cbee4

    SHA256

    f8e90fb0557fe49d7702cfb506312ac0b24c97802f9c782696db6d47f434e8e9

    SHA512

    e83e4eae44e7a9cbcd267dbfc25a7f4f68b50591e3bbe267324b1f813c9220d565b284994ded5f7d2d371d50e1ebfa647176ec8de9716f754c6b5785c6e897fa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5

    688be7515f5f7a95d50e0126cb30fd78

    SHA1

    c73fd28eab5cdb2e01b68f7706af82c8c8f6cf8d

    SHA256

    fb2c3739235c1c969a0303682c6b5b461af98bbb2bc60228b28f4aa45e5e4228

    SHA512

    de8d7b206addec00e51c80a73177c4cf8c9c67a152f75e4007521ee37d0b348f542d2898b99195051e825919343fe44753cbc6e70ef9baeed639ca6ca0427d08

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NFDCT375.txt
    MD5

    de78565db8b372af3561c3c00e27b061

    SHA1

    bce40509d02d346f17fc321df55744f8ae1ebac3

    SHA256

    94ed06ac3c11d9fe5f7202984d9fb11eab3832abbb69f9bd423c1052d22fb5c9

    SHA512

    d762314d4dfdc40405cdb13ca0d422698e0861d9a1407e6ad4735a0aba1ce46ab9e5d3486f6d5d5ff5dc249078de96b9dbe2d77cde046848ae6924e4da7f1d12

  • memory/524-56-0x0000000000000000-mapping.dmp
  • memory/588-54-0x0000000000000000-mapping.dmp
  • memory/1680-53-0x0000000074B41000-0x0000000074B43000-memory.dmp
    Filesize

    8KB

  • memory/1680-55-0x00000000001C0000-0x00000000001C1000-memory.dmp
    Filesize

    4KB