Overview

overview

8

Static

static

60e388bf22...70.exe

windows7-x64

8

60e388bf22...70.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    52s
  • max time network
    35s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 17:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    60e388bf22c448fedb7b506ec2b1001652a5aea3b690fada14fb8c02ca277a70.exe

  • Size

    2.1MB

  • MD5

    53290860ac17b10c42fca01d35197d56

  • SHA1

    875480c16b9bf5bfa7b9a78da753ff8378a66e83

  • SHA256

    60e388bf22c448fedb7b506ec2b1001652a5aea3b690fada14fb8c02ca277a70

  • SHA512

    846ff743ec85c2e5ee8bee748b540f3b2746829fe0205ec9dd111d849b8932fc1dbca10ef5b24fde21105a8e098da1605ffa2e164a720323d856297e6d29a459

  • SSDEEP

    49152:h1Os+AxPqbaJ0CqWfTAeP20icuFMDoiXrBSdCIlE05XwjXr3N:h1O3Axib7CqWfTAeP2vaDhtSdpA

Score
8/10
adwarediscoveryspywarestealer

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops Chrome extension 3 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 11 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in Program Files directory 8 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\60e388bf22c448fedb7b506ec2b1001652a5aea3b690fada14fb8c02ca277a70.exe
    "C:\Users\Admin\AppData\Local\Temp\60e388bf22c448fedb7b506ec2b1001652a5aea3b690fada14fb8c02ca277a70.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\Users\Admin\AppData\Local\Temp\7zS96E4.tmp\mi0ub2gOLT7GaYi.exe
      .\mi0ub2gOLT7GaYi.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops Chrome extension
      • Installs/modifies Browser Helper Object
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1724
      • C:\Windows\SysWOW64\regsvr32.exe
        regsvr32.exe /s "C:\Program Files (x86)\Browser Shop\sEAbxZOOcWqJPd.x64.dll"
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:380
        • C:\Windows\system32\regsvr32.exe
          /s "C:\Program Files (x86)\Browser Shop\sEAbxZOOcWqJPd.x64.dll"
          4⤵
          • Loads dropped DLL
          • Installs/modifies Browser Helper Object
          PID:1508

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Browser Extensions

1
T1176

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Browser Shop\sEAbxZOOcWqJPd.dat
    Filesize

    6KB

    MD5

    98d0d12be3944b6f77ed654b01245cb6

    SHA1

    6027758673b01ea0d4685dc88f0520638c9a03b4

    SHA256

    81b1fbda3645798e51a16b56ca5d7b04b46e7c83d3f090e9d57c370a18f662d1

    SHA512

    d13f75d53522d367024373a32278b3b38d22737acadbcf79c012ca087ebab00d5e41d2417352eaa1042b240dcfd9f9b8c2fe2f40122b13b74ff873a8f209f40b

    Download Submit
  • C:\Program Files (x86)\Browser Shop\sEAbxZOOcWqJPd.x64.dll
    Filesize

    697KB

    MD5

    09b1827343abfccf344d2b04268c1b87

    SHA1

    1c60bbd56c0b33be582c3dac053e9b28b94d588b

    SHA256

    a9181af1ead8778d27a22e862145aa5e1dd7ac40cf6e994f8c6b1ae7b58f302a

    SHA512

    cb4ac4ff93405372a7ab65e1910d58f88a30c9b4d62c06b84fd3fd5f51ca10459c351efcc394418e27aafa27e87bd1a359d20006804da8f171b37cf2fd26f965

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\7zS96E4.tmp\conlgmpemiehioafnlaipfdgiajocomm\EFOXrD.js
    Filesize

    5KB

    MD5

    698d6d89150ab103198184229a51f74e

    SHA1

    d2ca684913fbe3460a6e5a5d4b06ddce9cd3c41b

    SHA256

    abea461d6b623ba7e691ff533913b04b01b889f5767e5eb690d90cdb5d7433c1

    SHA512

    29bd534630600a51ff4db0692d8a53eb2d4170faa1487d28b9d223081fefd86819c791deec5bac1c9ac2e1ecbcf07ec3da6438aa8084f60ff6e167b21977b5a5

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\7zS96E4.tmp\conlgmpemiehioafnlaipfdgiajocomm\background.html
    Filesize

    143B

    MD5

    44e4fc6f2a7053a2dd0f47b35cd15337

    SHA1

    ed1459361a4e95e9995af0f7b67d2d6a1dc8d5ac

    SHA256

    fcfcb18978ab67bbccebf20ba52cc315f20a793feed4143237190d5652bc0dae

    SHA512

    7cff704e3a8418ac5dbf3b4e90fa2b11e079da5035e7b15c67bdbe146aec965548207e72e4f25554deedbf3ccb613a6a95d427aa883c279c39fecd3aa09a38a5

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\7zS96E4.tmp\conlgmpemiehioafnlaipfdgiajocomm\content.js
    Filesize

    144B

    MD5

    fca19198fd8af21016a8b1dec7980002

    SHA1

    fd01a47d14004e17a625efe66cc46a06c786cf40

    SHA256

    332b00395bc23d4cb0bf6506b0fbb7e17d690ed41f91cf9b5d1c481cb1d3e82a

    SHA512

    60f4286b3818f996fab50c09b191fbc82ed1c73b2b98d00b088b5afbbc0368c01819bd3868bd3c6bcb2cd083b719e29c28209317c7411213a25f923cfc1f0e47

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\7zS96E4.tmp\conlgmpemiehioafnlaipfdgiajocomm\lsdb.js
    Filesize

    531B

    MD5

    36d98318ab2b3b2585a30984db328afb

    SHA1

    f30b85fbe08e1d569ad49dfeafaf7cb2da6585a5

    SHA256

    ea2caf61817c6f7781ee049217e51c1083c8fc4f1e08e07792052dfdfa529ae7

    SHA512

    6f61ccda2eba18369409850b2c91c9817fc741755e29a1579646e3816e0deab80e34a5adb9ff865c773793d32ac338163a224dbf363b46420d6ea42a7bbb2b3a

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\7zS96E4.tmp\conlgmpemiehioafnlaipfdgiajocomm\manifest.json
    Filesize

    504B

    MD5

    d532994175ac6e4e8fea2ae07edef6ff

    SHA1

    5646eab3cebc8b0a804103b63f08a63db784a77d

    SHA256

    f9a190f8cfafdeddfe9627366bcd108e42b7fa07c8d074f1570bd77489f39c4d

    SHA512

    ba6ddc11423c0b0d93de3e3ecb9eeebe29470723282165aa67de4329a5f9af7e390869a7cbd0834c1ff115a1ed0a274bed686b4b6630e98b268ec1f2a9a8dadb

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\7zS96E4.tmp\[email protected]\bootstrap.js
    Filesize

    2KB

    MD5

    df13f711e20e9c80171846d4f2f7ae06

    SHA1

    56d29cda58427efe0e21d3880d39eb1b0ef60bee

    SHA256

    6c325461fba531a94cf8cbdcfc52755494973df0629ce0ee3fef734ab0838fc4

    SHA512

    6c51cee3bf13f164c4a5c9884cc6053cbf9db9701d34c07dc5761d2c047d3d1f7a361b32996a430107e9a4ce68a29149d747a84c76778a1e8780719a3d30470e

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\7zS96E4.tmp\[email protected]\chrome.manifest
    Filesize

    35B

    MD5

    92cbe7b730fce39082863bea27db963a

    SHA1

    ca45a87fc3d8a1b4781dd6203ca4a8e89bdc6a70

    SHA256

    b47980f576811ba59d11644c5a04803e040435d306dac65d49a0f62602197f0d

    SHA512

    736fbbcd1b51a150b8a113c75c7f8d3db16d4d237580bc291b807e0146e474bd87fedb123a6b1d6a6b0115eec63fd81f8a87437348ba497ae48a96396cfd90ad

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\7zS96E4.tmp\[email protected]\content\bg.js
    Filesize

    7KB

    MD5

    00efb61886fbccf91d037fe47413009c

    SHA1

    d21e0891360c666fb6deba7e63f309ccd13c4afe

    SHA256

    c7322331d368713c2c808f7edcd8159d9c408bf52e13722aca25fb249d1ec9a4

    SHA512

    916e4dc2881e75608f02eed06b5e503d8eb0e3301b04c11f54360e7db854732bfe0182ed1b0f311fab84b2f232cc3d28aa85bfc8ddb0fa87e3d43d94c315e186

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\7zS96E4.tmp\[email protected]\install.rdf
    Filesize

    602B

    MD5

    128b8cd630e171fe648ab40a41ba889b

    SHA1

    c784ad0225857d9db13d557ae7718652159082f2

    SHA256

    baf4c003b25be261857575b4dcdf5887a39ba01732da50374c5ec62ec98f296d

    SHA512

    107ceca4a7302c710a9712a7931cf4eb232c1af7d19385ad58a42e7ccaa8fde195f16eadf35e68651191df363e8e6f9a04e6fe854f34bc742373dbe9211d5c7f

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\7zS96E4.tmp\mi0ub2gOLT7GaYi.dat
    Filesize

    6KB

    MD5

    98d0d12be3944b6f77ed654b01245cb6

    SHA1

    6027758673b01ea0d4685dc88f0520638c9a03b4

    SHA256

    81b1fbda3645798e51a16b56ca5d7b04b46e7c83d3f090e9d57c370a18f662d1

    SHA512

    d13f75d53522d367024373a32278b3b38d22737acadbcf79c012ca087ebab00d5e41d2417352eaa1042b240dcfd9f9b8c2fe2f40122b13b74ff873a8f209f40b

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\7zS96E4.tmp\mi0ub2gOLT7GaYi.exe
    Filesize

    634KB

    MD5

    39bca0c0295e43a1d256f93c4bc41a7d

    SHA1

    163629228f4ad397c594ae4acc1162d2990f7d5f

    SHA256

    2e46c5d7d549885057d92525f35b60a19cb428600a397245e5f6ce0238b5e1cd

    SHA512

    e16570bea11aa8680f4e547f099e8c099c1654e6a3060fca871a42dffb9e256811f5aa9bba9f00dc14b218ad32b56c916987b3a270893540a0992f832bcf2a4d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\7zS96E4.tmp\mi0ub2gOLT7GaYi.exe
    Filesize

    634KB

    MD5

    39bca0c0295e43a1d256f93c4bc41a7d

    SHA1

    163629228f4ad397c594ae4acc1162d2990f7d5f

    SHA256

    2e46c5d7d549885057d92525f35b60a19cb428600a397245e5f6ce0238b5e1cd

    SHA512

    e16570bea11aa8680f4e547f099e8c099c1654e6a3060fca871a42dffb9e256811f5aa9bba9f00dc14b218ad32b56c916987b3a270893540a0992f832bcf2a4d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\7zS96E4.tmp\sEAbxZOOcWqJPd.dll
    Filesize

    617KB

    MD5

    840d829dddf8d035522e4f3547f72799

    SHA1

    1f669f414a0935ef806bdb8a93d2755f00104519

    SHA256

    a8405b5162305f768093c227ad9ece6ddd74f6dfe17fd0878a4e64e61e125d42

    SHA512

    e447ed7f6bbaacd8523984bae1584f39c4c38e93abd43d4e25c8056143d3228a3993d7aab8fd92d2e6baf0157a1d8638a1254eed037f3eb64250b6ca586913c7

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\7zS96E4.tmp\sEAbxZOOcWqJPd.tlb
    Filesize

    3KB

    MD5

    6fb4d3c40d62e1e378e92280f2cd93a4

    SHA1

    cdcd20abfab5c8f24b0bf2e24b43930a33b4d147

    SHA256

    ffe3ee2134494c6e175cf01e0fc518402384a1f79a46a37f441e6e3c74183983

    SHA512

    960ecc2ce3d9ee0a828780d0770a4966211a55c8587e36b460c3c5d2bf7a338bd538c13bb07e93b647b5c1056fc0c14f90cf59a4b13508350922cda38ab6538d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\7zS96E4.tmp\sEAbxZOOcWqJPd.x64.dll
    Filesize

    697KB

    MD5

    09b1827343abfccf344d2b04268c1b87

    SHA1

    1c60bbd56c0b33be582c3dac053e9b28b94d588b

    SHA256

    a9181af1ead8778d27a22e862145aa5e1dd7ac40cf6e994f8c6b1ae7b58f302a

    SHA512

    cb4ac4ff93405372a7ab65e1910d58f88a30c9b4d62c06b84fd3fd5f51ca10459c351efcc394418e27aafa27e87bd1a359d20006804da8f171b37cf2fd26f965

    Download Submit
  • \Program Files (x86)\Browser Shop\sEAbxZOOcWqJPd.dll
    Filesize

    617KB

    MD5

    840d829dddf8d035522e4f3547f72799

    SHA1

    1f669f414a0935ef806bdb8a93d2755f00104519

    SHA256

    a8405b5162305f768093c227ad9ece6ddd74f6dfe17fd0878a4e64e61e125d42

    SHA512

    e447ed7f6bbaacd8523984bae1584f39c4c38e93abd43d4e25c8056143d3228a3993d7aab8fd92d2e6baf0157a1d8638a1254eed037f3eb64250b6ca586913c7

    Download Submit
  • \Program Files (x86)\Browser Shop\sEAbxZOOcWqJPd.x64.dll
    Filesize

    697KB

    MD5

    09b1827343abfccf344d2b04268c1b87

    SHA1

    1c60bbd56c0b33be582c3dac053e9b28b94d588b

    SHA256

    a9181af1ead8778d27a22e862145aa5e1dd7ac40cf6e994f8c6b1ae7b58f302a

    SHA512

    cb4ac4ff93405372a7ab65e1910d58f88a30c9b4d62c06b84fd3fd5f51ca10459c351efcc394418e27aafa27e87bd1a359d20006804da8f171b37cf2fd26f965

    Download Submit
  • \Program Files (x86)\Browser Shop\sEAbxZOOcWqJPd.x64.dll
    Filesize

    697KB

    MD5

    09b1827343abfccf344d2b04268c1b87

    SHA1

    1c60bbd56c0b33be582c3dac053e9b28b94d588b

    SHA256

    a9181af1ead8778d27a22e862145aa5e1dd7ac40cf6e994f8c6b1ae7b58f302a

    SHA512

    cb4ac4ff93405372a7ab65e1910d58f88a30c9b4d62c06b84fd3fd5f51ca10459c351efcc394418e27aafa27e87bd1a359d20006804da8f171b37cf2fd26f965

    Download Submit
  • \Users\Admin\AppData\Local\Temp\7zS96E4.tmp\mi0ub2gOLT7GaYi.exe
    Filesize

    634KB

    MD5

    39bca0c0295e43a1d256f93c4bc41a7d

    SHA1

    163629228f4ad397c594ae4acc1162d2990f7d5f

    SHA256

    2e46c5d7d549885057d92525f35b60a19cb428600a397245e5f6ce0238b5e1cd

    SHA512

    e16570bea11aa8680f4e547f099e8c099c1654e6a3060fca871a42dffb9e256811f5aa9bba9f00dc14b218ad32b56c916987b3a270893540a0992f832bcf2a4d

    Download Submit
  • memory/380-73-0x0000000000000000-mapping.dmp
    Download
  • memory/1508-78-0x000007FEFB851000-0x000007FEFB853000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1508-77-0x0000000000000000-mapping.dmp
    Download
  • memory/1640-54-0x00000000757B1000-0x00000000757B3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1724-56-0x0000000000000000-mapping.dmp
    Download