Overview

overview

8

Static

static

29023d4b5b...24.exe

windows7-x64

8

29023d4b5b...24.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    43s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    25/11/2022, 19:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    29023d4b5bc179778e8e83d916c0e15a89ea4fac03fe9990629a445aa717dc24.exe

  • Size

    3.5MB

  • MD5

    43196de1ea54e3385d854d99d9d02230

  • SHA1

    84a1e0d33397e0467ec03141a44d4b440ba3d4c1

  • SHA256

    29023d4b5bc179778e8e83d916c0e15a89ea4fac03fe9990629a445aa717dc24

  • SHA512

    f04fd0f06c0ef14847c77862c021cfbe77ac55c34293bc56c590affec204a5b27fb0e62633b07b458eeb2ea3c980fd49529e12aa3bdd68e7ed2f9b74d93b26f5

  • SSDEEP

    49152:ScboYAWt7MukxmEUa0G6hnl9nkyb3BeZitUQ47nNRsD0rIDS4olxfvQtqGdzL8ql:D8YAWbIeEitd4Zmo8DBGxfvudAy1zg

Score
8/10
adwarediscoverypersistencespywarestealer

Malware Config

Signatures

  • Registers COM server for autorun 1 TTPs 4 IoCs
    persistence
  • Loads dropped DLL 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops Chrome extension 3 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 4 IoCs
  • Drops file in Program Files directory 8 IoCs
  • Modifies Internet Explorer settings 1 TTPs 8 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\29023d4b5bc179778e8e83d916c0e15a89ea4fac03fe9990629a445aa717dc24.exe
    "C:\Users\Admin\AppData\Local\Temp\29023d4b5bc179778e8e83d916c0e15a89ea4fac03fe9990629a445aa717dc24.exe"
    1⤵
    • Loads dropped DLL
    • Drops Chrome extension
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:1992
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32.exe /s "C:\Program Files (x86)\PricueLesss\qHRGlNLHI6zUIk.x64.dll"
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:1392
      • C:\Windows\system32\regsvr32.exe
        /s "C:\Program Files (x86)\PricueLesss\qHRGlNLHI6zUIk.x64.dll"
        3⤵
        • Registers COM server for autorun
        • Loads dropped DLL
        • Installs/modifies Browser Helper Object
        • Modifies Internet Explorer settings
        • Modifies registry class
        PID:2032

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\PricueLesss\qHRGlNLHI6zUIk.dat
    Filesize

    4KB

    MD5

    d2c4827a0a3add9d0053c13967ce311f

    SHA1

    a9a11f3b1c150b22b5ce2f19ad02daf74782c69a

    SHA256

    33baa0e4a921c48ff5ce540d9dfccf99865a5dc850d504e893fd96866662f7b4

    SHA512

    17a97d012cb915c2dc1e073bec9ee341bb272f7b4e8361392e97bcbcefaec8acf71bdf4596bb4c8ba66575b3658e31fc379fcbdbf1e4c6283afc190bd56db978

    Download Submit

  • C:\Program Files (x86)\PricueLesss\qHRGlNLHI6zUIk.tlb
    Filesize

    3KB

    MD5

    69f83b6fbfb0b8bcd41fd7526c15f0f8

    SHA1

    6e77c6a9db881c687513fca345f7014a34581fbd

    SHA256

    138bbb7b27e2101e06fd2ee40807bf0cf5092c706b63f20275cb0acd5ca4ddd4

    SHA512

    e266fc64bd30a7e070089c2a0dca878a482c49b6069adf2fbe08e87584298d75960846845c1f207d2784a652e34908997aabcdacfd11956cca21df42bc13fcdd

    Download Submit

  • C:\Program Files (x86)\PricueLesss\qHRGlNLHI6zUIk.x64.dll
    Filesize

    704KB

    MD5

    b006dc4fc0353a50f457e148a8783482

    SHA1

    df404fe8ca7df2a6cf389db2e64cbde87da702ea

    SHA256

    11f47eb93788cb172f91b1edd66d590011bde04c328733f18fd93e7391b0e116

    SHA512

    345128159a96f6e085a212cd9b81a17487c2bf3c0e57e70683a498aa79cd012b40349cd4414622094d6b425cd99070e2d43a9052b8c65bffd75a374e585d0e05

    Download Submit

  • \Program Files (x86)\PricueLesss\qHRGlNLHI6zUIk.dll
    Filesize

    623KB

    MD5

    2f700827f71ba8d02b87b1145bde267e

    SHA1

    a3264aa5c20eea8279b82283d98410f9c3491865

    SHA256

    1d5544b85315e47c0dfbf7bf6a037ed4c66f7f3ac192da07352d574526393b1f

    SHA512

    ff50314ff77b859688dad9c8a73de194d05fc56f11ed6b4996d61f85f3fa138d13270f8f0283f88642d5886e15fc7a2924f0c42da2d40b8f4b563a29ed15b181

    Download Submit

  • \Program Files (x86)\PricueLesss\qHRGlNLHI6zUIk.x64.dll
    Filesize

    704KB

    MD5

    b006dc4fc0353a50f457e148a8783482

    SHA1

    df404fe8ca7df2a6cf389db2e64cbde87da702ea

    SHA256

    11f47eb93788cb172f91b1edd66d590011bde04c328733f18fd93e7391b0e116

    SHA512

    345128159a96f6e085a212cd9b81a17487c2bf3c0e57e70683a498aa79cd012b40349cd4414622094d6b425cd99070e2d43a9052b8c65bffd75a374e585d0e05

    Download Submit

  • \Program Files (x86)\PricueLesss\qHRGlNLHI6zUIk.x64.dll
    Filesize

    704KB

    MD5

    b006dc4fc0353a50f457e148a8783482

    SHA1

    df404fe8ca7df2a6cf389db2e64cbde87da702ea

    SHA256

    11f47eb93788cb172f91b1edd66d590011bde04c328733f18fd93e7391b0e116

    SHA512

    345128159a96f6e085a212cd9b81a17487c2bf3c0e57e70683a498aa79cd012b40349cd4414622094d6b425cd99070e2d43a9052b8c65bffd75a374e585d0e05

    Download Submit

  • memory/1992-54-0x0000000074F01000-0x0000000074F03000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1992-55-0x00000000004F0000-0x0000000000594000-memory.dmp

    Filesize

    656KB

    Download

  • memory/2032-72-0x000007FEFB8A1000-0x000007FEFB8A3000-memory.dmp

    Filesize

    8KB

    Download