Overview

overview

8

Static

static

f73ca1f660...a9.exe

windows7-x64

8

f73ca1f660...a9.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    44s
  • max time network
    100s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 14:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f73ca1f6605d938ddd8576c78ffa87520088f62cef0d33bee2309e510c43f0a9.exe

  • Size

    3.6MB

  • MD5

    d9709e07bad3a51f74e405e7d205930e

  • SHA1

    091e27f7b611d782fdca13fe4d596053b1a06d58

  • SHA256

    f73ca1f6605d938ddd8576c78ffa87520088f62cef0d33bee2309e510c43f0a9

  • SHA512

    f3ba5333d9c76495d821ada26cb06688b227b01c9d0e26ad3ad32394403c308054de182402ccb3a6945478c67426d952c23a7875f8e7c6dc6463479c26770809

  • SSDEEP

    49152:4c+vtjC4APehCOB8GznyXAsxzdmHsa4Oi2+Ua4/4EMFvBIPDIEdOMktcsA:lCNdAPiB8Hvxzisa4SPF/kkEEd

Score
8/10
adwarediscoverypersistencespywarestealer

Malware Config

Signatures

  • Registers COM server for autorun 1 TTPs 4 IoCs
    persistence
  • Loads dropped DLL 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops Chrome extension 3 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 4 IoCs
  • Drops file in Program Files directory 8 IoCs
  • Modifies Internet Explorer settings 1 TTPs 8 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\f73ca1f6605d938ddd8576c78ffa87520088f62cef0d33bee2309e510c43f0a9.exe
    "C:\Users\Admin\AppData\Local\Temp\f73ca1f6605d938ddd8576c78ffa87520088f62cef0d33bee2309e510c43f0a9.exe"
    1⤵
    • Loads dropped DLL
    • Drops Chrome extension
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:1628
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32.exe /s "C:\Program Files (x86)\PriiceLess\txDyo9Y5LyQOTt.x64.dll"
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:604
      • C:\Windows\system32\regsvr32.exe
        /s "C:\Program Files (x86)\PriiceLess\txDyo9Y5LyQOTt.x64.dll"
        3⤵
        • Registers COM server for autorun
        • Loads dropped DLL
        • Installs/modifies Browser Helper Object
        • Modifies Internet Explorer settings
        • Modifies registry class
        PID:1948

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\PriiceLess\txDyo9Y5LyQOTt.dat
    Filesize

    4KB

    MD5

    7d263b9d1465f19015c7a0e05e8d508a

    SHA1

    83a62159752e931dea0de6a9db0029e347732dd0

    SHA256

    de1d18e57b3f1f75f6b3aa3e9aa1c5e261c9f4b14790019b8995780b596edde4

    SHA512

    1d23dffd3ee98cbd074f33046e5bafbcf45834573770cbf1bd69f42c34e511f8c374b4d3a9bc9196d938bbc6c52a6877be27405805be5754f3c8caca3941365f

    Download Submit

  • C:\Program Files (x86)\PriiceLess\txDyo9Y5LyQOTt.tlb
    Filesize

    3KB

    MD5

    b85e28ebb05db1bc98791f4ca29f89c3

    SHA1

    35255fda88e100483eea0a4d11303f68e3e37dad

    SHA256

    0f60549d695da16be688d5e4ab87ae734788c08d115023a2795f299f2b443c20

    SHA512

    655a7f6cdb3ae49333d0fb7a3c0f8f216c278e021b94783e7d5ff3c5b8b88cdf72424621d4831b7a339163e4d23cf3b00b5d0bc0c6a1c5fcffb92cbf6ec9a02a

    Download Submit

  • C:\Program Files (x86)\PriiceLess\txDyo9Y5LyQOTt.x64.dll
    Filesize

    694KB

    MD5

    295488797e3d9cc86059e14a22549c5b

    SHA1

    d01b332f2841a49dfc2bf37776921bc81de30bf2

    SHA256

    8a1af1647f2f95af8c953ac621629af8ffb860b4230fabef216bed97a6f897d2

    SHA512

    935f1f26a198cea3c2554405e3253cd28b9ffeb5faeebcd2eff3e2ac951c2339d2fafff561a6b175d7ccff4259ae62df99503ed66e418e5a10e0a12357eae75e

    Download Submit

  • \Program Files (x86)\PriiceLess\txDyo9Y5LyQOTt.dll
    Filesize

    615KB

    MD5

    ff5e433c6f29178bac73bb59690388e9

    SHA1

    c1ffbcdf7bfc725cbfe6dca5920d88491ea445b0

    SHA256

    f628bed0e2bbba0d403442a9d4ec81b5836b41545498e0e9b6633ed40689c861

    SHA512

    10f18270ae3002f8c428c8937bc5f88a2d06c8973c74ef34bd5ae16b346d658d57944aed459eff154eb1942bded03cc248d706feb18975f5b8107dd640661be6

    Download Submit

  • \Program Files (x86)\PriiceLess\txDyo9Y5LyQOTt.x64.dll
    Filesize

    694KB

    MD5

    295488797e3d9cc86059e14a22549c5b

    SHA1

    d01b332f2841a49dfc2bf37776921bc81de30bf2

    SHA256

    8a1af1647f2f95af8c953ac621629af8ffb860b4230fabef216bed97a6f897d2

    SHA512

    935f1f26a198cea3c2554405e3253cd28b9ffeb5faeebcd2eff3e2ac951c2339d2fafff561a6b175d7ccff4259ae62df99503ed66e418e5a10e0a12357eae75e

    Download Submit

  • \Program Files (x86)\PriiceLess\txDyo9Y5LyQOTt.x64.dll
    Filesize

    694KB

    MD5

    295488797e3d9cc86059e14a22549c5b

    SHA1

    d01b332f2841a49dfc2bf37776921bc81de30bf2

    SHA256

    8a1af1647f2f95af8c953ac621629af8ffb860b4230fabef216bed97a6f897d2

    SHA512

    935f1f26a198cea3c2554405e3253cd28b9ffeb5faeebcd2eff3e2ac951c2339d2fafff561a6b175d7ccff4259ae62df99503ed66e418e5a10e0a12357eae75e

    Download Submit

  • memory/1628-65-0x0000000000812000-0x0000000000816000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1628-76-0x0000000000812000-0x0000000000816000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1628-67-0x0000000000812000-0x0000000000816000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1628-68-0x0000000000812000-0x0000000000816000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1628-69-0x0000000000812000-0x0000000000816000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1628-70-0x0000000000812000-0x0000000000816000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1628-71-0x0000000000812000-0x0000000000816000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1628-72-0x0000000000812000-0x0000000000816000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1628-73-0x0000000000812000-0x0000000000816000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1628-74-0x0000000000812000-0x0000000000816000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1628-75-0x0000000000812000-0x0000000000816000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1628-66-0x0000000000812000-0x0000000000816000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1628-54-0x0000000075BE1000-0x0000000075BE3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1628-64-0x0000000000812000-0x0000000000816000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1628-63-0x0000000000812000-0x0000000000816000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1628-62-0x0000000000812000-0x0000000000816000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1628-55-0x0000000000200000-0x00000000002AB000-memory.dmp

    Filesize

    684KB

    Download

  • memory/1628-60-0x0000000000812000-0x0000000000816000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1628-61-0x0000000000812000-0x0000000000816000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1948-83-0x000007FEFBD41000-0x000007FEFBD43000-memory.dmp

    Filesize

    8KB

    Download