Overview

overview

7

Static

static

1

fe2b4c387c...df.exe

windows7-x64

7

fe2b4c387c...df.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    176s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/10/2022, 18:09

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    fe2b4c387c5c5d30baf95d5bb5587b092398b2f25acc909c2fc01c512716c2df.exe

  • Size

    143KB

  • MD5

    48974fd1230af0ef4f380bf0c835aa86

  • SHA1

    54424bd91e538f7c4978dda4c3a18f4587bbfc11

  • SHA256

    fe2b4c387c5c5d30baf95d5bb5587b092398b2f25acc909c2fc01c512716c2df

  • SHA512

    7ddc5f91d40a04cefb493763970179120015bac3765104842dfedc8b166cd9372fab9f1cbdc28f3b5f16c886384df41373b348bc127f58b5cee6d44aec060bc2

  • SSDEEP

    3072:PXepGQJhYRPJB2U4jnFHM8fxunoqyNZHKJlh:vHQ7YRZwzZunoqMHab

Score
7/10
adwarestealer

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in Windows directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 12 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fe2b4c387c5c5d30baf95d5bb5587b092398b2f25acc909c2fc01c512716c2df.exe
    "C:\Users\Admin\AppData\Local\Temp\fe2b4c387c5c5d30baf95d5bb5587b092398b2f25acc909c2fc01c512716c2df.exe"
    1⤵
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32.exe" "C:\Windows\UoDo\sun.dll" /s
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Drops file in Windows directory
      • Modifies registry class
      PID:4764

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsfC73F.tmp\System.dll
          Filesize

          10KB

          MD5

          4eff5fafd746f5decb93a44e3a3d570c

          SHA1

          a11aa7681b7e2df1c7f7492a127d332d1495ea8a

          SHA256

          cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5

          SHA512

          cde82d2a1f28506e4c2264f6b82017a00af32f138ebcdbaf4cc58463870fa626f708aa57465294c5a6f096c886841e7b9112b85bf3ea2f1d8f2da816b51b2d72

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\nsfC73F.tmp\System.dll
          Filesize

          10KB

          MD5

          4eff5fafd746f5decb93a44e3a3d570c

          SHA1

          a11aa7681b7e2df1c7f7492a127d332d1495ea8a

          SHA256

          cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5

          SHA512

          cde82d2a1f28506e4c2264f6b82017a00af32f138ebcdbaf4cc58463870fa626f708aa57465294c5a6f096c886841e7b9112b85bf3ea2f1d8f2da816b51b2d72

          Download Submit

        • C:\Windows\UoDo\sun.dll
          Filesize

          160KB

          MD5

          3604cd3a88c803844700cb3353f947eb

          SHA1

          520ba9cd8cd0f2015bad6cbdd8274f8a0e23c62e

          SHA256

          c96714fd67c0ea654ab3d80e2012f1119b7c1e5883b070f0577b910c7ff8fb4f

          SHA512

          d0cde7095ccee853a21c07de5b2acf13c2b1b3a22eb313d065e6f9dfdb79bde99fe603699a5fb2e0b995805326995bcd2981ef4dd9cc630357416bdcb1a3ef39

          Download Submit

        • C:\Windows\UoDo\sun.dll
          Filesize

          160KB

          MD5

          3604cd3a88c803844700cb3353f947eb

          SHA1

          520ba9cd8cd0f2015bad6cbdd8274f8a0e23c62e

          SHA256

          c96714fd67c0ea654ab3d80e2012f1119b7c1e5883b070f0577b910c7ff8fb4f

          SHA512

          d0cde7095ccee853a21c07de5b2acf13c2b1b3a22eb313d065e6f9dfdb79bde99fe603699a5fb2e0b995805326995bcd2981ef4dd9cc630357416bdcb1a3ef39

          Download Submit

        • C:\Windows\UoDo\sun.dll
          Filesize

          160KB

          MD5

          3604cd3a88c803844700cb3353f947eb

          SHA1

          520ba9cd8cd0f2015bad6cbdd8274f8a0e23c62e

          SHA256

          c96714fd67c0ea654ab3d80e2012f1119b7c1e5883b070f0577b910c7ff8fb4f

          SHA512

          d0cde7095ccee853a21c07de5b2acf13c2b1b3a22eb313d065e6f9dfdb79bde99fe603699a5fb2e0b995805326995bcd2981ef4dd9cc630357416bdcb1a3ef39

          Download Submit

        • C:\Windows\UoDo\sun.dll
          Filesize

          160KB

          MD5

          3604cd3a88c803844700cb3353f947eb

          SHA1

          520ba9cd8cd0f2015bad6cbdd8274f8a0e23c62e

          SHA256

          c96714fd67c0ea654ab3d80e2012f1119b7c1e5883b070f0577b910c7ff8fb4f

          SHA512

          d0cde7095ccee853a21c07de5b2acf13c2b1b3a22eb313d065e6f9dfdb79bde99fe603699a5fb2e0b995805326995bcd2981ef4dd9cc630357416bdcb1a3ef39

          Download Submit

        • C:\Windows\system.ini
          Filesize

          247B

          MD5

          3b807ea3f2692607a02185183e4719bd

          SHA1

          c25885a14a24bd2757df40a3f51769de71adbae3

          SHA256

          70b6b7e843e53e0e87479f8faf3c9c2759509ad2f9a3546c578f6ad796359159

          SHA512

          11933927aef2f8068eb8c58616e015312d45bf44a7b65f0c70e0a26624e80a6b7b082d3143cce0cdbb26ac4ed02479c53a05bd91a062d6855b1d3c53acb35d14

          Download Submit

        • memory/1736-136-0x0000000002BF0000-0x0000000002C1A000-memory.dmp

          Filesize

          168KB

          Download