Analysis

  • max time kernel
    41s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-11-2022 15:06

General

  • Target

    bc313b0f2ab37c9c5acb7a1aaa8f24b8c0b8d1ca5f3484a0ace24eb8c6098c58.exe

  • Size

    4.0MB

  • MD5

    6f123c94ae74a44dddbab0b9e523caa5

  • SHA1

    1518ffb5bb71641f2bbeb481c243622e30100cc8

  • SHA256

    bc313b0f2ab37c9c5acb7a1aaa8f24b8c0b8d1ca5f3484a0ace24eb8c6098c58

  • SHA512

    7c8414e0dbce799c22b701bffdf0960607cb54226954a841fb8092e4da99e3db874da2f6f60f1cdaaa5667a7e0b9408564b5900f983322eb812a8f3f1a7a48ae

  • SSDEEP

    98304:RS5tXfs4xrC6DpIHq73aj9EnL6F5a+OTCoofFLpVT:Ry9r0uXotz

Malware Config

Signatures

  • Registers COM server for autorun 1 TTPs 4 IoCs
  • Loads dropped DLL 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops Chrome extension 3 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules that act as plugins for Internet Explorer.

  • Drops file in System32 directory 4 IoCs
  • Drops file in Program Files directory 8 IoCs
  • Modifies Internet Explorer settings 1 TTPs 8 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs
  • System policy modification 1 TTPs 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc313b0f2ab37c9c5acb7a1aaa8f24b8c0b8d1ca5f3484a0ace24eb8c6098c58.exe
    "C:\Users\Admin\AppData\Local\Temp\bc313b0f2ab37c9c5acb7a1aaa8f24b8c0b8d1ca5f3484a0ace24eb8c6098c58.exe"
    1⤵
    • Loads dropped DLL
    • Drops Chrome extension
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:364
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32.exe /s "C:\Program Files (x86)\TTInyWalleett\mX2JzD9h7gGJpN.x64.dll"
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:1760
      • C:\Windows\system32\regsvr32.exe
        /s "C:\Program Files (x86)\TTInyWalleett\mX2JzD9h7gGJpN.x64.dll"
        3⤵
        • Registers COM server for autorun
        • Loads dropped DLL
        • Installs/modifies Browser Helper Object
        • Modifies Internet Explorer settings
        • Modifies registry class
        PID:2024

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Program Files (x86)\TTInyWalleett\mX2JzD9h7gGJpN.dat

    Filesize

    4KB

    MD5

    328e8f664a703e666f767977090be67a

    SHA1

    53f2c5dc9f8e2792e684a312dc9c1bd536d480b7

    SHA256

    130fc6b46c8d1af9546c4a5a15992a156b3223ac97e332fb9ff7d7e444dedeea

    SHA512

    97903d46557241c1307714f80cf97544da77cf13fca46aef0b8cc00399c55dec483eb2f07f394e784ad7317d678ea9dca24e94fd5872af3fcc0967a624711d97

  • C:\Program Files (x86)\TTInyWalleett\mX2JzD9h7gGJpN.tlb

    Filesize

    3KB

    MD5

    f97b95a2c07b6c926106d4e9e110f93b

    SHA1

    6b76b71705374f84d81add54fad98b6fccd78c69

    SHA256

    3dca6f9ef4c0fa2d4511ee991298a97b5847720161efb3388b5dfe28694a0a97

    SHA512

    8d2b262861d126af9874c63e890b7f963a5823825ac4479e7ea917bf6ba1bbc49ec5d7da1c0cfa79deac6ae763be38799b99e76cbe744efd9d4cc018549f225c

  • C:\Program Files (x86)\TTInyWalleett\mX2JzD9h7gGJpN.x64.dll

    Filesize

    701KB

    MD5

    b30d08f15639c7642e6bba8187911fe9

    SHA1

    6f79350773fde83fef1b82607da0835d01a27e2a

    SHA256

    e13f07d2edc163c163511604bd7e94068839f8b39f1f14f2ed048b84a2a47954

    SHA512

    a1c350a84992d9d7ca245a0cb06150b4fddadcca3c4d9a80368c07454c35972a5beea5fb8fcecafbdf2ad9f694b68d85724c3b7476c2c52280832f35b06d852a

  • \Program Files (x86)\TTInyWalleett\mX2JzD9h7gGJpN.dll

    Filesize

    622KB

    MD5

    8a05c343e6e5fed3c750b3d9d0066ebb

    SHA1

    22d39fe1637510c4468e9c69081f288a107b8da1

    SHA256

    4acb52ac42bd0fd0e98752d4b0c24f1922f7baf7449b88c3c431958c374b8392

    SHA512

    35e3eecbb0dbc125e0dace43cba58151b5fbb6bc627075674195ca7fe2a577f3662fc969e9b1eb3aed1ca2028c16ef36b95dec27b4fe44e7f8ded1d3d78e12d1

  • \Program Files (x86)\TTInyWalleett\mX2JzD9h7gGJpN.x64.dll

    Filesize

    701KB

    MD5

    b30d08f15639c7642e6bba8187911fe9

    SHA1

    6f79350773fde83fef1b82607da0835d01a27e2a

    SHA256

    e13f07d2edc163c163511604bd7e94068839f8b39f1f14f2ed048b84a2a47954

    SHA512

    a1c350a84992d9d7ca245a0cb06150b4fddadcca3c4d9a80368c07454c35972a5beea5fb8fcecafbdf2ad9f694b68d85724c3b7476c2c52280832f35b06d852a

  • memory/364-54-0x0000000075131000-0x0000000075133000-memory.dmp

    Filesize

    8KB

  • memory/364-55-0x0000000000240000-0x00000000002E4000-memory.dmp

    Filesize

    656KB

  • memory/1760-61-0x0000000000000000-mapping.dmp

  • memory/2024-65-0x0000000000000000-mapping.dmp

  • memory/2024-66-0x000007FEFB6B1000-0x000007FEFB6B3000-memory.dmp

    Filesize

    8KB