Overview

overview

7

Static

static

1

9d3bd387bf...91.exe

windows7-x64

7

9d3bd387bf...91.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    69s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-10-2022 03:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9d3bd387bf66d2c1647faf5b77f8efab4099f243ea0544ca4e0447e92676f591.exe

  • Size

    944KB

  • MD5

    510b9c66e11d1f205203b6bc259856a0

  • SHA1

    2866aa92afe62982e1200a17c25038d847dcf60c

  • SHA256

    9d3bd387bf66d2c1647faf5b77f8efab4099f243ea0544ca4e0447e92676f591

  • SHA512

    e71e8fcf4881b7275ae7a618ad0a4ab00b20bb4413009e4b5b8ef0db23326ca38066bbe4aef194b1b7aa6ae09a1c5cd3cea296f1aa975a2cec0e1c7e01dead68

  • SSDEEP

    12288:7ocG4GfJMRo0dHvZjZLGFSGzBg8EtbQd8QMR20tHWZjZLfgQGzNg8XF6Go:7VG4Gxuo0fZLGFNf7o20kZLfgDkN

Score
7/10
adwarediscoveryspywarestealer

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in Program Files directory 22 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 36 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9d3bd387bf66d2c1647faf5b77f8efab4099f243ea0544ca4e0447e92676f591.exe
    "C:\Users\Admin\AppData\Local\Temp\9d3bd387bf66d2c1647faf5b77f8efab4099f243ea0544ca4e0447e92676f591.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2808
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 "C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha2158\ie\MediaViewerV1alpha2158.dll" /s
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:1452

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha2158\ie\MediaViewerV1alpha2158.dll
    Filesize

    85KB

    MD5

    df38d85074655588142eb7ccaaa26d76

    SHA1

    d7e91b230334b33ac4e4d006752166ee4e407c41

    SHA256

    ede71f40cd15457ca8a179ba521ae8dee87d9b8b4f32e553a67d7a282c0f6d9a

    SHA512

    796f759a887c0551249f9188a477376884d6e833f2b4f1c31be36433e5c1926666223fada7a09ab0243ab74c8d8200222d26113cdf9061bc2e15ec49ac4e4cc9

    Download Submit

  • C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha2158\ie\MediaViewerV1alpha2158.dll
    Filesize

    85KB

    MD5

    df38d85074655588142eb7ccaaa26d76

    SHA1

    d7e91b230334b33ac4e4d006752166ee4e407c41

    SHA256

    ede71f40cd15457ca8a179ba521ae8dee87d9b8b4f32e553a67d7a282c0f6d9a

    SHA512

    796f759a887c0551249f9188a477376884d6e833f2b4f1c31be36433e5c1926666223fada7a09ab0243ab74c8d8200222d26113cdf9061bc2e15ec49ac4e4cc9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsqC9ED.tmp\aminsis.dll
    Filesize

    834KB

    MD5

    14ad04243334645f399639b028f21d17

    SHA1

    7368866dc95621a1407d2105d040da2cc9852ba9

    SHA256

    02d13f28df1314640474ee77cd202a2c0da8e1d609c614f8fdff4451f8ee63fa

    SHA512

    3859b6f6e7e46ba70fa0be24fd2ceadf3db746818f11a09109c7bb678ee4fc08824a0cf15c77df09c3b2bdc2a80067a98130660152f5ee61e4bd501ef5ed1728

    Download Submit

  • memory/1452-133-0x0000000000000000-mapping.dmp

    Download