Overview

overview

8

Static

static

467d7ca0ee...ea.exe

windows7-x64

8

467d7ca0ee...ea.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    47s
  • max time network
    51s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    25-11-2022 22:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    467d7ca0ee0a19f60665e9709a3c4a0475dd6dbd49deebfa4ed8ca7fe5f320ea.exe

  • Size

    3.8MB

  • MD5

    b916286a7d10c0f991429563d7d1b06c

  • SHA1

    67f3ae2e0798cf6551ba7fa7b3a16ddb45c0115e

  • SHA256

    467d7ca0ee0a19f60665e9709a3c4a0475dd6dbd49deebfa4ed8ca7fe5f320ea

  • SHA512

    d76f91053777b7d6e07561c5c70c15fe94628c7d9a139c15d1e39c25c8fe61299bea196a715094cfba1856dd505001746c23a3f64f45a5b57f7ece25dd2e4045

  • SSDEEP

    98304:XH7yls78W9+aK5BkAOvO9HZefjS8/UFtiJ5J:XH7yls7tA3pZefj1

Score
8/10
adwarediscoverypersistencestealer

Malware Config

Signatures

  • Registers COM server for autorun 1 TTPs 4 IoCs
    persistence
  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in Program Files directory 8 IoCs
  • Modifies Internet Explorer settings 1 TTPs 8 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\467d7ca0ee0a19f60665e9709a3c4a0475dd6dbd49deebfa4ed8ca7fe5f320ea.exe
    "C:\Users\Admin\AppData\Local\Temp\467d7ca0ee0a19f60665e9709a3c4a0475dd6dbd49deebfa4ed8ca7fe5f320ea.exe"
    1⤵
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:1204
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32.exe /s "C:\Program Files (x86)\GaoSAvea\0JqO2WTtgbDGHf.x64.dll"
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:1680
      • C:\Windows\system32\regsvr32.exe
        /s "C:\Program Files (x86)\GaoSAvea\0JqO2WTtgbDGHf.x64.dll"
        3⤵
        • Registers COM server for autorun
        • Loads dropped DLL
        • Installs/modifies Browser Helper Object
        • Modifies Internet Explorer settings
        • Modifies registry class
        PID:268

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\GaoSAvea\0JqO2WTtgbDGHf.dat
    Filesize

    3KB

    MD5

    2d8d8f87b270ed9fe233718ea2f96c33

    SHA1

    f387dc4fbf9347940c75b89583bece87ebac1da0

    SHA256

    6f58208c106cbdcb09fa05bc2cbbf7f63e96f373601452ccb3c78b0582741290

    SHA512

    6261ef7f58a9f565584fa9cc036977f3f3701535fca39c7d4b9d91aa77fa76cd29c2b3f4a37ae168375217e7effef84143d489c58454778f3bc7c68346cc4351

    Download Submit

  • C:\Program Files (x86)\GaoSAvea\0JqO2WTtgbDGHf.tlb
    Filesize

    3KB

    MD5

    4f10ec1039aef56bdfc26e48d57461b3

    SHA1

    f3dedd15bab08bad8d418f2f7b892defb357670b

    SHA256

    98362dd931236aa92fb7ebd4dcb56986dfc8f5471d48105ab47e3b57249e2eb8

    SHA512

    4162289976a8eeb362bcc3f8f8f54cabdc4d4bff9e91f2bee211c748fc43e47b1a51a54b85aebcc24a79471790aa98ca81ede7a40d946cd00df601762e83f6b3

    Download Submit

  • C:\Program Files (x86)\GaoSAvea\0JqO2WTtgbDGHf.x64.dll
    Filesize

    692KB

    MD5

    dd6c687a7bc8036ff03c493edaf43fea

    SHA1

    cc4258585f61d57dd465270dbb7c0d82a2021a5f

    SHA256

    8bb13e80a99d9631efc47771fa8ee332d880acdc4e1baaabc2ad17c16823091c

    SHA512

    084f49f3b7a76b23a73b2957d227c953903e270f74bf1d7405a5d68e2f716b52db7e7e156469de5425125a3a27856e2e97172279cba70a213f5ba33188cacc8c

    Download Submit

  • \Program Files (x86)\GaoSAvea\0JqO2WTtgbDGHf.dll
    Filesize

    611KB

    MD5

    23a76cebd4442a5c81b58da519eac909

    SHA1

    e640584aa3ce6f666098e4b3c69203e1d7484548

    SHA256

    426cf8cfba58e437f1add68a6e8072b773b19e1fb4cad0ee3a065ba2358d06de

    SHA512

    e192b47cbb2ef9f91637cb370866b2233c00c36e5fae5d72ca9da4f478a113fb65128456cd75c57134192deb6157e4c5e3379c19d448ce9364444b37660d2fbd

    Download Submit

  • \Program Files (x86)\GaoSAvea\0JqO2WTtgbDGHf.x64.dll
    Filesize

    692KB

    MD5

    dd6c687a7bc8036ff03c493edaf43fea

    SHA1

    cc4258585f61d57dd465270dbb7c0d82a2021a5f

    SHA256

    8bb13e80a99d9631efc47771fa8ee332d880acdc4e1baaabc2ad17c16823091c

    SHA512

    084f49f3b7a76b23a73b2957d227c953903e270f74bf1d7405a5d68e2f716b52db7e7e156469de5425125a3a27856e2e97172279cba70a213f5ba33188cacc8c

    Download Submit

  • \Program Files (x86)\GaoSAvea\0JqO2WTtgbDGHf.x64.dll
    Filesize

    692KB

    MD5

    dd6c687a7bc8036ff03c493edaf43fea

    SHA1

    cc4258585f61d57dd465270dbb7c0d82a2021a5f

    SHA256

    8bb13e80a99d9631efc47771fa8ee332d880acdc4e1baaabc2ad17c16823091c

    SHA512

    084f49f3b7a76b23a73b2957d227c953903e270f74bf1d7405a5d68e2f716b52db7e7e156469de5425125a3a27856e2e97172279cba70a213f5ba33188cacc8c

    Download Submit

  • memory/268-66-0x0000000000000000-mapping.dmp

    Download

  • memory/268-67-0x000007FEFB741000-0x000007FEFB743000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1204-54-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1204-55-0x0000000000990000-0x0000000000A31000-memory.dmp

    Filesize

    644KB

    Download

  • memory/1680-62-0x0000000000000000-mapping.dmp

    Download