Analysis

  • max time kernel
    30s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/11/2022, 12:17

General

  • Target

    714a603139ff5b9abab7ba91684560f129d70b3d586c909fe73a535aab546cfc.dll

  • Size

    752KB

  • MD5

    10a72bdce4aad24f9c163306b3481c93

  • SHA1

    7b8e6b6a35eed0d89dbf7c14c5840c7bd9ed7d38

  • SHA256

    714a603139ff5b9abab7ba91684560f129d70b3d586c909fe73a535aab546cfc

  • SHA512

    2aba8cc039522d4a2b87d6ecb29566ef795e5e8086b1d8934bc21f28248bbc2017da90c872cb2ec65ea7be25a49693f8649a5dfe4d530a31bb634db9971a92c5

  • SSDEEP

    12288:PTeHUbWW0A3P+JzNiOQee7AZyd9hQKzGCOR6pndt44ZWplqSt0:y0H+/BQee7SyVQK2gPCrBS

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are in-process COM DLLs that Internet Explorer loads into every browser process at startup. A BHO is registered by placing its CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects (the Wow6432Node view for a 32-bit DLL on x64), so a previously unknown DLL registering one from a user-writable path is a persistence and browser-hijacking indicator, not a benign plugin install.

  • Modifies registry class 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\714a603139ff5b9abab7ba91684560f129d70b3d586c909fe73a535aab546cfc.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1088
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\714a603139ff5b9abab7ba91684560f129d70b3d586c909fe73a535aab546cfc.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:308
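The process tree above shows the native 64-bit regsvr32 (PID 1088) handing the DLL to its SysWOW64 counterpart (PID 308), which is what regsvr32 does on x64 Windows when given a 32-bit DLL (the arch:x86 tag agrees); the parent's WriteProcessMemory hit is consistent with that child-process creation, and the child's registry writes land in the Wow6432Node view. The Python below is added here as an example and is not part of this report or of the sandbox's tooling: it shows the detection a practitioner would write for the BHO signature, correlating Sysmon-style registry events (IDs 12/13) with a silent `regsvr32 /s` invocation, resolving the BHO CLSID to its InprocServer32 DLL and flagging servers that live in user-writable paths. The events and CLSIDs are constructed; only the DLL path is taken from this report.

```python
"""Added detection example: flag Browser Helper Object (BHO) registration in
Sysmon-style registry events and correlate it with the COM server DLL path and
with a silent regsvr32 invocation. Sample events are constructed; the CLSIDs
are hypothetical."""
import re

GUID = r"(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\})"

# IE enumerates this key at startup and loads every CLSID listed under it.
# A 32-bit registrant (SysWOW64\regsvr32.exe) writes to the Wow6432Node view,
# so both views are accepted.
BHO_KEY_RE = re.compile(
    r"^HKLM\\SOFTWARE\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\"
    r"Explorer\\Browser Helper Objects\\" + GUID + r"(?:\\.*)?$"
)
# The DLL actually loaded for a CLSID is its InprocServer32 default value.
INPROC_RE = re.compile(
    r"^HKLM\\SOFTWARE\\Classes\\(?:Wow6432Node\\)?CLSID\\" + GUID
    + r"\\InprocServer32\\\(Default\)$"
)
# Locations any user can write to; a COM server registered from here is a red flag.
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\|\\Temp\\|^[A-Za-z]:\\ProgramData\\|\\Downloads\\", re.I
)
SILENT_REGSVR_RE = re.compile(r"(?:^|\s)/s(?:\s|$)", re.I)
DLL_ARG_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.(?:dll|ocx))"?', re.I)


def find_bho_registrations(events):
    """Return one finding per CLSID added under the BHO key.

    events: iterable of dicts with Sysmon fields EventID, Image and, for
    registry events (12/13), TargetObject and Details; process-creation
    events (1) carry CommandLine.
    """
    servers = {}            # CLSID -> InprocServer32 path
    registrants = {}        # CLSID -> image that created/modified the BHO key
    silent_targets = set()  # DLLs passed to "regsvr32 /s"
    for ev in events:
        if ev["EventID"] == 1:
            cmd = ev.get("CommandLine", "")
            if ev.get("Image", "").lower().endswith("regsvr32.exe") and SILENT_REGSVR_RE.search(cmd):
                m = DLL_ARG_RE.search(cmd)
                if m:
                    silent_targets.add(m.group(1).lower())
        elif ev["EventID"] in (12, 13):
            target = ev.get("TargetObject", "")
            m = INPROC_RE.match(target)
            if m:
                if ev["EventID"] == 13:  # value set: record the server DLL
                    servers[m.group(1).upper()] = ev.get("Details", "").strip('"')
                continue
            m = BHO_KEY_RE.match(target)
            if m:
                registrants[m.group(1).upper()] = ev.get("Image", "")
    findings = []
    for clsid, image in registrants.items():
        path = servers.get(clsid, "")
        findings.append({
            "clsid": clsid,
            "registered_by": image,
            "server_path": path,
            "user_writable": bool(USER_WRITABLE_RE.search(path)),
            "silent_regsvr32": path.lower() in silent_targets,
        })
    return findings


def severity(finding):
    """High when the BHO's DLL lives in a user-writable path or was registered
    silently by regsvr32; every other BHO registration is still worth a look."""
    if finding["user_writable"] or finding["silent_regsvr32"]:
        return "high"
    return "review"


SAMPLE_EVENTS = [  # constructed; the DLL path mirrors this report, the CLSIDs do not
    {"EventID": 1, "Image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "CommandLine": r"/s C:\Users\Admin\AppData\Local\Temp\714a603139ff5b9abab7ba91684560f129d70b3d586c909fe73a535aab546cfc.dll"},
    {"EventID": 13, "Image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "TargetObject": r"HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32\(Default)",
     "Details": r"C:\Users\Admin\AppData\Local\Temp\714a603139ff5b9abab7ba91684560f129d70b3d586c909fe73a535aab546cfc.dll"},
    {"EventID": 12, "Image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "TargetObject": r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}"},
    # A vendor BHO installed by msiexec from Program Files: registered, but not from a user-writable path.
    {"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Classes\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InprocServer32\(Default)",
     "Details": r"C:\Program Files\ExampleVendor\Toolbar\helper.dll"},
    {"EventID": 12, "Image": r"C:\Windows\System32\msiexec.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}"},
]

if __name__ == "__main__":
    for f in find_bho_registrations(SAMPLE_EVENTS):
        print(severity(f), f["clsid"], f["server_path"], "by", f["registered_by"])
```

On the constructed input the Temp-resident BHO comes out as high (user-writable path and silent regsvr32 registration) while the Program Files one is only marked for review. Matching on the Wow6432Node view matters for this sample: a detection that keys only on the 64-bit BHO path would miss a 32-bit DLL registered through SysWOW64\regsvr32.exe exactly as seen in the process tree.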

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/308-56-0x0000000074D61000-0x0000000074D63000-memory.dmp

    Filesize

    8KB

  • memory/308-57-0x0000000001E70000-0x0000000001F34000-memory.dmp

    Filesize

    784KB

  • memory/1088-54-0x000007FEFB801000-0x000007FEFB803000-memory.dmp

    Filesize

    8KB