Overview

overview

8

Static

static

9d73c594d0...5e.exe

windows7-x64

8

9d73c594d0...5e.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    164s
  • max time network
    184s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 21:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9d73c594d03bbdb97551af34fedf0c12f0fe18a4c2574f5f26492256a81bf15e.exe

  • Size

    3.2MB

  • MD5

    7418afc36e64b432e08171f4a4f1bbb8

  • SHA1

    a779da6faaf47a8c6bb5b23671b3acc4b0cee31d

  • SHA256

    9d73c594d03bbdb97551af34fedf0c12f0fe18a4c2574f5f26492256a81bf15e

  • SHA512

    6d5d1b76802d85621a505c7a2add2ba78c77b8bbabe43a0d6c365cd2e2aedf10db1adb1c2ef8ca75934c917980c4c21be9f22c9b3b7e3f4876eec042c6b0478e

  • SSDEEP

    49152:LoowNz/V5a5rZ8AdMOvDyuXTZ592AlLRzLmxrzkSo5sJzC6Yr7IQmMSfTnTofeyF:k8dMOTTZ72+LVLmRkST/Y/I3L70f

Score
8/10
adwarediscoverypersistencespywarestealer

Malware Config

Signatures

  • Registers COM server for autorun 1 TTPs 4 IoCs
    persistence
  • Loads dropped DLL 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops Chrome extension 5 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in Program Files directory 8 IoCs
  • Modifies Internet Explorer settings 1 TTPs 8 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\9d73c594d03bbdb97551af34fedf0c12f0fe18a4c2574f5f26492256a81bf15e.exe
    "C:\Users\Admin\AppData\Local\Temp\9d73c594d03bbdb97551af34fedf0c12f0fe18a4c2574f5f26492256a81bf15e.exe"
    1⤵
    • Loads dropped DLL
    • Drops Chrome extension
    • Installs/modifies Browser Helper Object
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:1276
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32.exe /s "C:\Program Files (x86)\greatsaver\Z8CIx.x64.dll"
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2724
      • C:\Windows\system32\regsvr32.exe
        /s "C:\Program Files (x86)\greatsaver\Z8CIx.x64.dll"
        3⤵
        • Registers COM server for autorun
        • Loads dropped DLL
        • Installs/modifies Browser Helper Object
        • Modifies Internet Explorer settings
        • Modifies registry class
        PID:4104

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\greatsaver\Z8CIx.dat
    Filesize

    4KB

    MD5

    268d42a3cabd8bdd961df85cd538972a

    SHA1

    2677ed7881ae4efa7062975040ef73f6b7ef9e54

    SHA256

    90a1a1321bf97ac2fbc9d99e073d9a31f016a9db4b501659735b2626e940424d

    SHA512

    e6e08f0f8dd6cef324862dc8145b705677c9203b707adc94f12e036bf0d75e8ec91c022a34d80ff9a8c8829d3a9e121b9c16381dddb9e85b10acd25c61064d92

    Download Submit

  • C:\Program Files (x86)\greatsaver\Z8CIx.dll
    Filesize

    610KB

    MD5

    8630a0477e33bf7e401c82bb6f0bf9ef

    SHA1

    d1933549c59d151aec77010e665d2e60eb16f24c

    SHA256

    29d95c7d6c79159bbe46dc7c8dded2c2fc74d7a15d36c3ece2f8bbbc06718888

    SHA512

    759b5148b829c44d81d8941a939b1bc17ddef7998cbc03f24e82c49378bbed57298242cf8178587636590d2965f4b45227f62fc95dae98ebffc39b5f0e503832

    Download Submit

  • C:\Program Files (x86)\greatsaver\Z8CIx.tlb
    Filesize

    3KB

    MD5

    8956d96d82e1ff91bc7500ec1408070e

    SHA1

    fe73dbb0de2e727dd55073149490e7548826b42d

    SHA256

    4e83e6b729f8dcd42d0e2d8bac469f7cd696e6fbcb6f5edca8b91c3925b9ae5a

    SHA512

    9e8d87d5338d77f573787916500befbc49b93516713ac44fd8e98eb1698421c5ab536bc24071882c5179b6cd75df286c20306bde9bd59b5613f70ac53048ad15

    Download Submit

  • C:\Program Files (x86)\greatsaver\Z8CIx.x64.dll
    Filesize

    690KB

    MD5

    3abba853e3f56ca70c68e2b5df4dd7d2

    SHA1

    c930ed364d473be5ea573dddee48d956e36e2c3a

    SHA256

    3d6dd31f0c3decfbc21205b543a72b2bc4a9406323bdbb7c995a2db31709249d

    SHA512

    615c75f083827a8a1117eae47debe00b411565550a9e35d58a35c83e739e822dafdc3c217a33429334547d0ced6e950c0336ac8224ffcf345fa56df10971c3c5

    Download Submit

  • C:\Program Files (x86)\greatsaver\Z8CIx.x64.dll
    Filesize

    690KB

    MD5

    3abba853e3f56ca70c68e2b5df4dd7d2

    SHA1

    c930ed364d473be5ea573dddee48d956e36e2c3a

    SHA256

    3d6dd31f0c3decfbc21205b543a72b2bc4a9406323bdbb7c995a2db31709249d

    SHA512

    615c75f083827a8a1117eae47debe00b411565550a9e35d58a35c83e739e822dafdc3c217a33429334547d0ced6e950c0336ac8224ffcf345fa56df10971c3c5

    Download Submit

  • C:\Program Files (x86)\greatsaver\Z8CIx.x64.dll
    Filesize

    690KB

    MD5

    3abba853e3f56ca70c68e2b5df4dd7d2

    SHA1

    c930ed364d473be5ea573dddee48d956e36e2c3a

    SHA256

    3d6dd31f0c3decfbc21205b543a72b2bc4a9406323bdbb7c995a2db31709249d

    SHA512

    615c75f083827a8a1117eae47debe00b411565550a9e35d58a35c83e739e822dafdc3c217a33429334547d0ced6e950c0336ac8224ffcf345fa56df10971c3c5

    Download Submit

  • memory/1276-132-0x0000000000400000-0x00000000004A3000-memory.dmp

    Filesize

    652KB

    Download