Overview

overview

7

Static

static

f39ea28e7b...cb.exe

windows7-x64

7

f39ea28e7b...cb.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    45s
  • max time network
    50s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    30/10/2022, 16:03

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    f39ea28e7b4e5185c591702662e235572f7961a672fb716260005f3263c280cb.exe

  • Size

    263KB

  • MD5

    8301ec0ef0b36327289bd855ab2e7840

  • SHA1

    4ea0ef110e7cd3667382fca86e92452617632d11

  • SHA256

    f39ea28e7b4e5185c591702662e235572f7961a672fb716260005f3263c280cb

  • SHA512

    8d761df0c9c272bd22e6aec57f823c355f9e97692910abaf4a375abe035327e00b67a8517d8d6dd5489242e4291006b8f384d98493bf1ea492be7f6dc06a69e5

  • SSDEEP

    6144:Jea9j1ehBossxwU9pmbXivsOqDytTUr8wOBfG8712x1TFDvggQ7miYoPA:JB8D7UWXCsZDgUrZf8QFDxQ7RPA

Score
7/10
adwarestealer

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Modifies registry class 11 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f39ea28e7b4e5185c591702662e235572f7961a672fb716260005f3263c280cb.exe
    "C:\Users\Admin\AppData\Local\Temp\f39ea28e7b4e5185c591702662e235572f7961a672fb716260005f3263c280cb.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1524
    • C:\Windows\SysWOW64\Regsvr32.exe
      Regsvr32.exe /s C:\Windows\system32\kwichumofgany.dll
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:1696

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\SysWOW64\kwichumofgany.dll
          Filesize

          572KB

          MD5

          3a51e4cdc547a07461543a7f70ef8443

          SHA1

          b2421ae21616d392764a4a093d49c8d0878be85a

          SHA256

          f94d802e7c370374104393482605baafef9a77e8c5e0c7960b0f6aeaf1537b81

          SHA512

          2b4769eca2f62f7f3d06300b9009e0bd5038fed75f4b8754a239fb07edefd2c7f922baea9b119bba145fa678bccb6a22f6b398b6b5fb2797fb5a6056a475d5da

          Download Submit

        • \Windows\SysWOW64\kwichumofgany.dll
          Filesize

          572KB

          MD5

          3a51e4cdc547a07461543a7f70ef8443

          SHA1

          b2421ae21616d392764a4a093d49c8d0878be85a

          SHA256

          f94d802e7c370374104393482605baafef9a77e8c5e0c7960b0f6aeaf1537b81

          SHA512

          2b4769eca2f62f7f3d06300b9009e0bd5038fed75f4b8754a239fb07edefd2c7f922baea9b119bba145fa678bccb6a22f6b398b6b5fb2797fb5a6056a475d5da

          Download Submit

        • memory/1524-59-0x0000000000400000-0x00000000004B5000-memory.dmp

          Filesize

          724KB

          Download

        • memory/1524-61-0x0000000000400000-0x00000000004B5000-memory.dmp

          Filesize

          724KB

          Download

        • memory/1696-55-0x0000000075B51000-0x0000000075B53000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1696-58-0x0000000000550000-0x00000000005E4000-memory.dmp

          Filesize

          592KB

          Download