Overview

overview

7

Static

static

9b7d59409a...3b.exe

windows7_x64

7

9b7d59409a...3b.exe

windows10-2004_x64

1

Analysis

  • max time kernel
    107s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    27-04-2022 19:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9b7d59409a7bae930aaf6a7c86f8f6c000819667170d0210be8497642443233b.exe

  • Size

    29KB

  • MD5

    58df37c8507c0b74befe67dfb16b2aef

  • SHA1

    dd07379b9c544cc3df5261e92b3a043d1a8e1a9a

  • SHA256

    9b7d59409a7bae930aaf6a7c86f8f6c000819667170d0210be8497642443233b

  • SHA512

    77449ff17eb82dd1f6d78e533381c46b704997893d0b08848c6b2ac53b5b2b2a121d7dba97f1e9b750dfbf67de45da162c8c639a3871f6736faf48b3a81cf7a5

Score
7/10
adwarestealer

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Modifies registry class 42 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9b7d59409a7bae930aaf6a7c86f8f6c000819667170d0210be8497642443233b.exe
    "C:\Users\Admin\AppData\Local\Temp\9b7d59409a7bae930aaf6a7c86f8f6c000819667170d0210be8497642443233b.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s /c C:\Windows\system32\IEAPIHELP.dll
      2⤵
      • Loads dropped DLL
      • Modifies registry class
      PID:1164
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1640
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1640 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1636

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Browser Extensions

1
T1176

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\PARNG7WW.txt
    Filesize

    602B

    MD5

    68e4eedebee2ee057dbc289eb3ebebae

    SHA1

    2361c5cf16d653c4eec8b8d65ec1f23259b5f0f7

    SHA256

    7b62904348443e32ae9faf1946aa636b5577b09cc872d0b625f927073ec72f3d

    SHA512

    03faa9fa6d5df4f8f8746573a6facee2be1d344a4cd7f76cf6dbbad9c63690f27f030f91585a3147ad290331d14ec5a13c0cc2ae54c5e15fc42d7ca26b9ec8fa

    Download Submit
  • C:\Windows\SysWOW64\IEAPIHELP.dll
    Filesize

    54KB

    MD5

    178a450d7c626f9b86bf5a63b16d2903

    SHA1

    9efe387993875936f9a2ca96c9a2aaab412ef459

    SHA256

    0c1a8d5d9acf0cb2591342225a806ab20d7ac7c32715326d2ee5f833bc87ece0

    SHA512

    2b0475927469b5d0d2804ebb21c8e846f2968f7033edae19e9cef297ad7f427ce26df1cfc43fe6a299c22a5da5a7d4880aa74c72f9357a760b644a8c48da8df5

    Download Submit
  • \Windows\SysWOW64\9_tem.dll
    Filesize

    54KB

    MD5

    178a450d7c626f9b86bf5a63b16d2903

    SHA1

    9efe387993875936f9a2ca96c9a2aaab412ef459

    SHA256

    0c1a8d5d9acf0cb2591342225a806ab20d7ac7c32715326d2ee5f833bc87ece0

    SHA512

    2b0475927469b5d0d2804ebb21c8e846f2968f7033edae19e9cef297ad7f427ce26df1cfc43fe6a299c22a5da5a7d4880aa74c72f9357a760b644a8c48da8df5

    Download Submit
  • \Windows\SysWOW64\IEAPIHELP.dll
    Filesize

    54KB

    MD5

    178a450d7c626f9b86bf5a63b16d2903

    SHA1

    9efe387993875936f9a2ca96c9a2aaab412ef459

    SHA256

    0c1a8d5d9acf0cb2591342225a806ab20d7ac7c32715326d2ee5f833bc87ece0

    SHA512

    2b0475927469b5d0d2804ebb21c8e846f2968f7033edae19e9cef297ad7f427ce26df1cfc43fe6a299c22a5da5a7d4880aa74c72f9357a760b644a8c48da8df5

    Download Submit
  • memory/1164-56-0x0000000000000000-mapping.dmp
    Download
  • memory/2044-55-0x0000000075441000-0x0000000075443000-memory.dmp
    Filesize

    8KB

    Download