Analysis

  • max time kernel
    173s
  • max time network
    199s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    27-04-2022 15:35

General

  • Target

    594fc8b5a2d5a37f32b13ea8fadda28e48b11d942ed77e62d64e4ccef53637c5.dll

  • Size

    7KB

  • MD5

    737d49569cdcc51377ce4961096a08ee

  • SHA1

    bf1f196f1bd66481f53a62a3ba216d975d7c3981

  • SHA256

    594fc8b5a2d5a37f32b13ea8fadda28e48b11d942ed77e62d64e4ccef53637c5

  • SHA512

    2f7ab854d2f5f33210cb3a885eb90e424718fb0c795931aeb226a46b2d9881056c65f647e8677c04877931125bed8370bc910a50f4058faaf9876f86f3611f61

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs

    BHOs are DLL modules that Internet Explorer loads as plugins on every start; registering one under the Browser Helper Objects key gives the DLL execution in each browser session, which is why this maps to ATT&CK Browser Extensions (T1176) below.

  • Modifies registry class 5 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\594fc8b5a2d5a37f32b13ea8fadda28e48b11d942ed77e62d64e4ccef53637c5.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3920
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\594fc8b5a2d5a37f32b13ea8fadda28e48b11d942ed77e62d64e4ccef53637c5.dll
      2⤵
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      PID:2256
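The process tree and signatures above describe one chain: the 64-bit regsvr32 is run with /s (silent) on a DLL in the user's Temp directory, it hands the 32-bit DLL to the SysWOW64 regsvr32, and that child then registers a COM class and a Browser Helper Object. The Python below is an added example, not part of the sandbox output or of the sample, that turns the chain into detection logic run over constructed Sysmon-style records. The event field names, the parent PID 1234, the CLSID value and the benign control process are assumptions; the report does not list them.

```python
import re
from dataclasses import dataclass

# Registry locations that define a BHO (HKLM or HKCU; Wow6432Node for 32-bit IE/DLLs).
BHO_KEY_RE = re.compile(
    r"\\Software\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Explorer"
    r"\\Browser Helper Objects\\\{[0-9A-Fa-f-]{36}\}",
    re.IGNORECASE,
)
# COM class registration; the InprocServer32 default value names the DLL that gets loaded.
INPROC_RE = re.compile(r"\\Classes\\CLSID\\\{[0-9A-Fa-f-]{36}\}\\InprocServer32", re.IGNORECASE)
# Directories a standard user can write to; installers normally register from Program Files.
USER_WRITABLE_RE = re.compile(r"\\(AppData\\Local\\Temp|Downloads|Users\\Public)\\", re.IGNORECASE)


@dataclass
class Event:
    """Minimal Sysmon-like record (assumed shape): 1 = process create, 13 = registry value set."""
    event_id: int
    pid: int
    ppid: int = 0
    image: str = ""
    cmdline: str = ""
    target_object: str = ""  # registry value path for event 13
    details: str = ""        # value data for event 13


def is_regsvr32(image: str) -> bool:
    return image.lower().endswith("\\regsvr32.exe")


def regsvr32_silent_user_dll(ev: Event) -> bool:
    """regsvr32 run with /s (silent) on a DLL under a user-writable directory."""
    if ev.event_id != 1 or not is_regsvr32(ev.image):
        return False
    tokens = set(ev.cmdline.lower().split())
    return bool(tokens & {"/s", "-s"}) and bool(USER_WRITABLE_RE.search(ev.cmdline))


def bho_registration(ev: Event) -> bool:
    """Write under ...\\Explorer\\Browser Helper Objects\\{CLSID} (ATT&CK T1176)."""
    return ev.event_id == 13 and bool(BHO_KEY_RE.search(ev.target_object))


def com_server_in_user_path(ev: Event) -> bool:
    """CLSID InprocServer32 pointing at a DLL in a user-writable directory (T1112)."""
    return (ev.event_id == 13 and bool(INPROC_RE.search(ev.target_object))
            and bool(USER_WRITABLE_RE.search(ev.details)))


def detect(events):
    """Return (pid, reason) alerts. Registry hits are rated high when the writing
    process is a regsvr32 flagged earlier, or a regsvr32 child of one."""
    alerts, suspicious = [], set()
    for ev in events:
        if regsvr32_silent_user_dll(ev):
            suspicious.add(ev.pid)
            alerts.append((ev.pid, "regsvr32 /s on DLL from user-writable path"))
        elif ev.event_id == 1 and is_regsvr32(ev.image) and ev.ppid in suspicious:
            suspicious.add(ev.pid)  # x64 regsvr32 hands a 32-bit DLL to SysWOW64 regsvr32
        sev = "high" if ev.pid in suspicious else "medium"
        if bho_registration(ev):
            alerts.append((ev.pid, f"BHO CLSID registered ({sev})"))
        if com_server_in_user_path(ev):
            alerts.append((ev.pid, f"COM InprocServer32 in user-writable path ({sev})"))
    return alerts


DLL = r"C:\Users\Admin\AppData\Local\Temp\594fc8b5a2d5a37f32b13ea8fadda28e48b11d942ed77e62d64e4ccef53637c5.dll"
CLSID = "{01234567-89ab-cdef-0123-456789abcdef}"  # constructed; the report does not list the CLSID

# Constructed events mirroring the process tree above (PIDs from the report, parent 1234 assumed).
SAMPLE_EVENTS = [
    Event(1, 3920, 1234, r"C:\Windows\system32\regsvr32.exe", f"regsvr32 /s {DLL}"),
    Event(1, 2256, 3920, r"C:\Windows\SysWOW64\regsvr32.exe", f"/s {DLL}"),
    Event(13, 2256, details=DLL,
          target_object=rf"HKLM\Software\Wow6432Node\Classes\CLSID\{CLSID}\InprocServer32\(Default)"),
    Event(13, 2256, details="1",
          target_object=rf"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer"
                        rf"\Browser Helper Objects\{CLSID}\NoExplorer"),
    # Benign control (assumed): vendor installer registering a COM server from Program Files.
    Event(1, 5000, 4000, r"C:\Windows\system32\regsvr32.exe",
          r'regsvr32 /s "C:\Program Files\Vendor\plugin.dll"'),
]

if __name__ == "__main__":
    for pid, reason in detect(SAMPLE_EVENTS):
        print(pid, reason)
```

The Program Files control shows the point of the user-writable path check: regsvr32 /s on its own is too common to alert on, so the rule keys on where the DLL lives and on what the same PID writes to the registry afterwards.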

Network

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Browser Extensions

1
T1176

Defense Evasion

Modify Registry

1
T1112

Downloads

  • memory/2256-130-0x0000000000000000-mapping.dmp