Overview

overview

6

Static

static

8a7db7c6a9...28.dll

windows7-x64

6

8a7db7c6a9...28.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    161s
  • max time network
    188s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-11-2022 05:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8a7db7c6a9d7d70109e840a11fdd50a5df03b8da91304f558addc4f61cf1ff28.dll

  • Size

    64KB

  • MD5

    db4724718c0f21697cc592b4097521c0

  • SHA1

    0f80be3210ba3dd57ef92ad3c1dabd29d7d6bad8

  • SHA256

    8a7db7c6a9d7d70109e840a11fdd50a5df03b8da91304f558addc4f61cf1ff28

  • SHA512

    467bef51d3bb6e3135d52dcfd00dd58f0f3c7ddf090fd1f6640d766d11ac4c3ab5b23039b7334cc072fead2c2ec6c9ceaaeb89cbfa486b91110a16fdbb1aed54

  • SSDEEP

    1536:u72Y5/aCZ1AYe33mJNRGx+E8ijfPUITIp:zK1A0LG4ijf8IT6

Score
6/10
adwarestealer

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 10 IoCs
    adwarespyware
  • Modifies registry class 12 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8a7db7c6a9d7d70109e840a11fdd50a5df03b8da91304f558addc4f61cf1ff28.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4384
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\8a7db7c6a9d7d70109e840a11fdd50a5df03b8da91304f558addc4f61cf1ff28.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:4320
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 888
        3⤵
        • Program crash
        PID:4872
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4320 -ip 4320
    1⤵
      PID:1900

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Browser Extensions

    1
    T1176

    Privilege Escalation

    Defense Evasion

    Modify Registry

    2
    T1112

    Credential Access

    Discovery

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4320-132-0x0000000000000000-mapping.dmp
      Download