Overview

overview

8

Static

static

5e99b7bb20...7e.exe

windows7_x64

8

5e99b7bb20...7e.exe

windows10-2004_x64

8

Analysis

  • max time kernel
    37s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    08-05-2022 15:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5e99b7bb205fc75e2d68c2e8e014813f858beacb39af583e58a29adee8e1937e.exe

  • Size

    2.0MB

  • MD5

    1911db6208686820c73a57471921f04b

  • SHA1

    23a9cea3c8f2575def0676fb5d7b435705ed8369

  • SHA256

    5e99b7bb205fc75e2d68c2e8e014813f858beacb39af583e58a29adee8e1937e

  • SHA512

    1298c2f63bc127effb64b03cbed6662960e477322d5d6cba4b0f7db91da8c99a9d5b61bd88529a61509162dbe44bc6d5dc20e84348d4d1ca3d84d1888033dac1

Score
8/10
adwarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in Program Files directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 24 IoCs
    adwarespyware
  • Modifies registry class 12 IoCs
  • Runs .reg file with regedit 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5e99b7bb205fc75e2d68c2e8e014813f858beacb39af583e58a29adee8e1937e.exe
    "C:\Users\Admin\AppData\Local\Temp\5e99b7bb205fc75e2d68c2e8e014813f858beacb39af583e58a29adee8e1937e.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Windows\SysWOW64\regedit.exe
      "C:\Windows\System32\regedit.exe" /S RegKey.reg
      2⤵
      • Runs .reg file with regedit
      PID:1772
    • C:\Program Files (x86)\Internet Download Manager\IDMan.exe
      "C:\Program Files (x86)\Internet Download Manager\IDMan.exe"
      2⤵
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:848

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Browser Extensions

1
T1176

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    Filesize

    5.2MB

    MD5

    125cc32631054d876373fe701f66a140

    SHA1

    812d740f9da1bac61cb1a4bddcd934170ae27425

    SHA256

    989154ed476c58d29fe03af8bdbbe839dc1de24b60f29ac1e61a284420ffabfa

    SHA512

    9b400925dc88f49076bbd48876d893bce96000561323a932a0ae53002a5669baa319391a552f71b845b49db9b59634cff8abfcf089153d6b7d34a1b3a65a904d

    Download Submit
  • C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    Filesize

    5.2MB

    MD5

    125cc32631054d876373fe701f66a140

    SHA1

    812d740f9da1bac61cb1a4bddcd934170ae27425

    SHA256

    989154ed476c58d29fe03af8bdbbe839dc1de24b60f29ac1e61a284420ffabfa

    SHA512

    9b400925dc88f49076bbd48876d893bce96000561323a932a0ae53002a5669baa319391a552f71b845b49db9b59634cff8abfcf089153d6b7d34a1b3a65a904d

    Download Submit
  • C:\Program Files (x86)\Internet Download Manager\RegKey.reg
    Filesize

    1KB

    MD5

    406c71cece27fc28fde620b448ca52cb

    SHA1

    f44d0a79b6809ac4e00e94cd31213bf51370cc70

    SHA256

    be8794dcbf0071a2d6f4fc5e953cd4371da58500d0325f0c45674416ec7d8b23

    SHA512

    64df44f1857e162e7ea069c5619ef98ff3f6c54636ca88238ae9b364112fb083cc74e022694d415a095c9074f677b1d30348b5070be72ae86e9cbda17905310f

    Download Submit
  • \Program Files (x86)\Internet Download Manager\IDMan.exe
    Filesize

    5.2MB

    MD5

    125cc32631054d876373fe701f66a140

    SHA1

    812d740f9da1bac61cb1a4bddcd934170ae27425

    SHA256

    989154ed476c58d29fe03af8bdbbe839dc1de24b60f29ac1e61a284420ffabfa

    SHA512

    9b400925dc88f49076bbd48876d893bce96000561323a932a0ae53002a5669baa319391a552f71b845b49db9b59634cff8abfcf089153d6b7d34a1b3a65a904d

    Download Submit
  • \Program Files (x86)\Internet Download Manager\IDMan.exe
    Filesize

    5.2MB

    MD5

    125cc32631054d876373fe701f66a140

    SHA1

    812d740f9da1bac61cb1a4bddcd934170ae27425

    SHA256

    989154ed476c58d29fe03af8bdbbe839dc1de24b60f29ac1e61a284420ffabfa

    SHA512

    9b400925dc88f49076bbd48876d893bce96000561323a932a0ae53002a5669baa319391a552f71b845b49db9b59634cff8abfcf089153d6b7d34a1b3a65a904d

    Download Submit
  • \Program Files (x86)\Internet Download Manager\IDMan.exe
    Filesize

    5.2MB

    MD5

    125cc32631054d876373fe701f66a140

    SHA1

    812d740f9da1bac61cb1a4bddcd934170ae27425

    SHA256

    989154ed476c58d29fe03af8bdbbe839dc1de24b60f29ac1e61a284420ffabfa

    SHA512

    9b400925dc88f49076bbd48876d893bce96000561323a932a0ae53002a5669baa319391a552f71b845b49db9b59634cff8abfcf089153d6b7d34a1b3a65a904d

    Download Submit
  • \Program Files (x86)\Internet Download Manager\IDMan.exe
    Filesize

    5.2MB

    MD5

    125cc32631054d876373fe701f66a140

    SHA1

    812d740f9da1bac61cb1a4bddcd934170ae27425

    SHA256

    989154ed476c58d29fe03af8bdbbe839dc1de24b60f29ac1e61a284420ffabfa

    SHA512

    9b400925dc88f49076bbd48876d893bce96000561323a932a0ae53002a5669baa319391a552f71b845b49db9b59634cff8abfcf089153d6b7d34a1b3a65a904d

    Download Submit
  • memory/848-61-0x0000000000000000-mapping.dmp
    Download
  • memory/1772-55-0x0000000000000000-mapping.dmp
    Download
  • memory/2016-54-0x0000000075951000-0x0000000075953000-memory.dmp
    Filesize

    8KB

    Download