71fa9fb59fbd3ee552677334f692dbfa9dee7506edb80a703c96c5469328f9d8

Analysis

max time kernel
41s
max time network
68s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 18:54

Target

71fa9fb59fbd3ee552677334f692dbfa9dee7506edb80a703c96c5469328f9d8.exe
Size

474KB
MD5

592ee8d9f8a90564393b967104795602
SHA1

818a266f73af0d91bc7a9d2e88ade0aa306c6262
SHA256

71fa9fb59fbd3ee552677334f692dbfa9dee7506edb80a703c96c5469328f9d8
SHA512

81b74ec7b5eb743ce96c62b0ee00064593ded66d9b8edffd0dd94ff23231ba1edfa1936bd82959bfbf9fc7f9b49b632d71d5de4e1d4dda85502001f3f276c2c1
SSDEEP

12288:kVnB80QmjZxwL31G/JP4kjcDsm98C11Z2+:kBamj4LFyQUm9JjZ2

Score

6^/10

adware stealer

Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

Modify Registry

Browser Extensions

Processes:

71fa9fb59fbd3ee552677334f692dbfa9dee7506edb80a703c96c5469328f9d8.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	71fa9fb59fbd3ee552677334f692dbfa9dee7506edb80a703c96c5469328f9d8.exe

C:\Users\Admin\AppData\Local\Temp\71fa9fb59fbd3ee552677334f692dbfa9dee7506edb80a703c96c5469328f9d8.exe
"C:\Users\Admin\AppData\Local\Temp\71fa9fb59fbd3ee552677334f692dbfa9dee7506edb80a703c96c5469328f9d8.exe"
1⤵
- Installs/modifies Browser Helper Object
PID:1536

Initial Access

Execution

Persistence

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

memory/1536-54-0x0000000075C31000-0x0000000075C33000-memory.dmp

Filesize
8KB

Download