Overview

overview

8

Static

static

7550f960ae...e8.exe

windows7-x64

8

7550f960ae...e8.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    134s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/11/2022, 20:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7550f960aea7eba2fc1a2654e18d6bfe6e9434dbdccd9adb75bea16c0cc8cfe8.exe

  • Size

    4.8MB

  • MD5

    56c9d8c19834e72c22912d4605c0a94d

  • SHA1

    69f90506f9658867800fe159b0aa5723ccd57326

  • SHA256

    7550f960aea7eba2fc1a2654e18d6bfe6e9434dbdccd9adb75bea16c0cc8cfe8

  • SHA512

    0ff080770aadc32a7c8fd9a1d0de81ac489de379ff174f464851e4ae92bcad60b35db1fb9e11af3eab86839cef4af22e0c41dd91494b4806488755657018c252

  • SSDEEP

    49152:+HE2e4xYhsbm61Lcdpu/QnjNGzK5SynTVMgQZHEPEQW/ZVG2nnjEo4flgKCFJRI:+kz4CcLNYJ1SynTVMgQZHhvGGE5

Score
8/10
adwarediscoverypersistencespywarestealer

Malware Config

Signatures

  • Registers COM server for autorun 1 TTPs 4 IoCs
    persistence
  • Loads dropped DLL 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops Chrome extension 5 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 8 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 4 IoCs
  • Drops file in Program Files directory 8 IoCs
  • Modifies Internet Explorer settings 1 TTPs 8 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\7550f960aea7eba2fc1a2654e18d6bfe6e9434dbdccd9adb75bea16c0cc8cfe8.exe
    "C:\Users\Admin\AppData\Local\Temp\7550f960aea7eba2fc1a2654e18d6bfe6e9434dbdccd9adb75bea16c0cc8cfe8.exe"
    1⤵
    • Loads dropped DLL
    • Drops Chrome extension
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:1752
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32.exe /s "C:\Program Files (x86)\SmartOnes\cZAEejhKamz2HW.x64.dll"
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2636
      • C:\Windows\system32\regsvr32.exe
        /s "C:\Program Files (x86)\SmartOnes\cZAEejhKamz2HW.x64.dll"
        3⤵
        • Registers COM server for autorun
        • Loads dropped DLL
        • Installs/modifies Browser Helper Object
        • Modifies Internet Explorer settings
        • Modifies registry class
        PID:4232
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
    1⤵
      PID:5116
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
      1⤵
        PID:4504

      Network

            MITRE ATT&CK Enterprise v6

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\SmartOnes\cZAEejhKamz2HW.dat
              Filesize

              3KB

              MD5

              aa8083671da98dc9b77c547321b6c3b4

              SHA1

              01e117c98f72c85ad1bb81d288a42b961afd0dc7

              SHA256

              b1e1e05eca9d5f9ca7a979c70ade2b65dfb4d03da501b9bbc99de8b4926be7ec

              SHA512

              3389ffd0c706ed34194b60d2330a3bddaf0989d6015f3cb0be911fed6f206ad2b7e3ef57daa60f2ed80f6eb915b7e2579d24fa36acd2f47ecea4df895ef5b759

              Download Submit

            • C:\Program Files (x86)\SmartOnes\cZAEejhKamz2HW.dll
              Filesize

              747KB

              MD5

              cbe2eb6d404c744ac667727d74bb0ceb

              SHA1

              cb11134bc9376a6a47016fe09583a49bf314269e

              SHA256

              9801a200612cf4a29a95943fb41f480b1a8a29ab0a86d168dd83d72e10685f5d

              SHA512

              b3ac699dc63d181ae46158f907f67054e0c52045144813284eeb8523ee088cb8ec9d08a3494f8a22032b0790c35736d6ec8a80f377a29bf42c2a9173e52f7ae3

              Download Submit

            • C:\Program Files (x86)\SmartOnes\cZAEejhKamz2HW.tlb
              Filesize

              3KB

              MD5

              f3fa1e536e1bdf324ab61e2abc2c1872

              SHA1

              f11424bc0be229ef235a64fb2b2ea028efdf0612

              SHA256

              491f3107ad4d2f4d1c436b98f96b41d7b1f1cbf9beb34b0706e985f47450e694

              SHA512

              9b8350742e11e179d191e9269f09e4dfba9629f53494095fba84f98ddf7bba21fbb0cf03280405f1bc02ad2559919f74d026ad83a131e3d3ab2c07f546ee4c57

              Download Submit

            • C:\Program Files (x86)\SmartOnes\cZAEejhKamz2HW.x64.dll
              Filesize

              879KB

              MD5

              6e4bca2ab153ee64f562288099da9fae

              SHA1

              7f49983b76fbaf390943336bb5980e415ef4335e

              SHA256

              3d965ccaf20c53373ff1de612a51b410a6126e47a8c045a56c33db8820da2c39

              SHA512

              d522e0106a5a96375407957196d998c516a3ad930a47dac233f6dc2eb38408735ce7eb6f1c9625c554f57c856e38609271e5362eb4473e1833611c0916d9cfe4

              Download Submit

            • C:\Program Files (x86)\SmartOnes\cZAEejhKamz2HW.x64.dll
              Filesize

              879KB

              MD5

              6e4bca2ab153ee64f562288099da9fae

              SHA1

              7f49983b76fbaf390943336bb5980e415ef4335e

              SHA256

              3d965ccaf20c53373ff1de612a51b410a6126e47a8c045a56c33db8820da2c39

              SHA512

              d522e0106a5a96375407957196d998c516a3ad930a47dac233f6dc2eb38408735ce7eb6f1c9625c554f57c856e38609271e5362eb4473e1833611c0916d9cfe4

              Download Submit

            • C:\Program Files (x86)\SmartOnes\cZAEejhKamz2HW.x64.dll
              Filesize

              879KB

              MD5

              6e4bca2ab153ee64f562288099da9fae

              SHA1

              7f49983b76fbaf390943336bb5980e415ef4335e

              SHA256

              3d965ccaf20c53373ff1de612a51b410a6126e47a8c045a56c33db8820da2c39

              SHA512

              d522e0106a5a96375407957196d998c516a3ad930a47dac233f6dc2eb38408735ce7eb6f1c9625c554f57c856e38609271e5362eb4473e1833611c0916d9cfe4

              Download Submit

            • memory/1752-132-0x0000000003450000-0x0000000003518000-memory.dmp

              Filesize

              800KB

              Download