d796cb0b385a6f163aab35fdc8401856712b918bc02be66fb00ec097e3b60d15

Analysis

max time kernel
32s
max time network
47s
platform
windows7_x64
resource
win7-20220414-en
submitted
24-05-2022 18:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d796cb0b385a6f163aab35fdc8401856712b918bc02be66fb00ec097e3b60d15.exe
Size

34KB
MD5

e2dd408e8a2b8a0e8a9505f4f25be0de
SHA1

a57e61599cdef24559d61c6e64556c1412fcaa0b
SHA256

d796cb0b385a6f163aab35fdc8401856712b918bc02be66fb00ec097e3b60d15
SHA512

96083508cf50d6afb8bbb567eec09eb8b3e8985b8bd665c8a68e2f5e6eee7b0df611eddd6028b6b97ba1a32b02c1a2b4df2ed79321a52e03e5a6e59fd47488e8

Score

6^/10

adware stealer

Malware Config

Signatures

Installs/modifies Browser Helper Object 2 TTPs
BHOs are DLL modules which act as plugins for Internet Explorer.
stealer adware

Modify Registry
T1112

Browser Extensions
T1176
Drops file in Windows directory 1 IoCs

Processes:

d796cb0b385a6f163aab35fdc8401856712b918bc02be66fb00ec097e3b60d15.exe

description ioc process

File created C:\Windows\system\tlctw32.dll d796cb0b385a6f163aab35fdc8401856712b918bc02be66fb00ec097e3b60d15.exe

description	ioc	process
File created	C:\Windows\system\tlctw32.dll	d796cb0b385a6f163aab35fdc8401856712b918bc02be66fb00ec097e3b60d15.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

d796cb0b385a6f163aab35fdc8401856712b918bc02be66fb00ec097e3b60d15.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main	d796cb0b385a6f163aab35fdc8401856712b918bc02be66fb00ec097e3b60d15.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\Enable Browser Extensions = "yes"	d796cb0b385a6f163aab35fdc8401856712b918bc02be66fb00ec097e3b60d15.exe

Modifies registry class 6 IoCs

Processes:

d796cb0b385a6f163aab35fdc8401856712b918bc02be66fb00ec097e3b60d15.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C657AAF-22D9-5A16-E17D-31457D631863}\InProcServer32	d796cb0b385a6f163aab35fdc8401856712b918bc02be66fb00ec097e3b60d15.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node	d796cb0b385a6f163aab35fdc8401856712b918bc02be66fb00ec097e3b60d15.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	d796cb0b385a6f163aab35fdc8401856712b918bc02be66fb00ec097e3b60d15.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C657AAF-22D9-5A16-E17D-31457D631863}	d796cb0b385a6f163aab35fdc8401856712b918bc02be66fb00ec097e3b60d15.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C657AAF-22D9-5A16-E17D-31457D631863}\InProcServer32\ = "C:\\Windows\\system\\tlctw32.dll"	d796cb0b385a6f163aab35fdc8401856712b918bc02be66fb00ec097e3b60d15.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C657AAF-22D9-5A16-E17D-31457D631863}\InProcServer32\ThreadingModel = "Apartment"	d796cb0b385a6f163aab35fdc8401856712b918bc02be66fb00ec097e3b60d15.exe

C:\Users\Admin\AppData\Local\Temp\d796cb0b385a6f163aab35fdc8401856712b918bc02be66fb00ec097e3b60d15.exe
"C:\Users\Admin\AppData\Local\Temp\d796cb0b385a6f163aab35fdc8401856712b918bc02be66fb00ec097e3b60d15.exe"
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
PID:1376

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads