Analysis

  • max time kernel
    191s
  • max time network
    202s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01-12-2022 00:53

General

  • Target

    96a772b1f1b38a5a8c68c05775c684c23c6136664f0be4469c3f2a18544c932d.exe

  • Size

    109KB

  • MD5

    2ccf717bacef5498722b4022bb5abe30

  • SHA1

    66d9084599817201c72994ee46473d7e9621dcc5

  • SHA256

    96a772b1f1b38a5a8c68c05775c684c23c6136664f0be4469c3f2a18544c932d

  • SHA512

    e107f5627491ee29a6a164f8c2cee188a7ff25c0c00cf0c09df082168432c9fb58a4b79719acb427cf649208e876ee9b66dfbfd8dbd184a32fc79ed7c590b1d3

  • SSDEEP

    3072:ymeDmBqskJXmhkQjohQxstz5G6pBHh09:y8wmhBilVvpB+

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\96a772b1f1b38a5a8c68c05775c684c23c6136664f0be4469c3f2a18544c932d.exe
    "C:\Users\Admin\AppData\Local\Temp\96a772b1f1b38a5a8c68c05775c684c23c6136664f0be4469c3f2a18544c932d.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2508
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\CPUSH\cpush.dll"
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:1656

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Program Files (x86)\Common Files\CPUSH\cpush.dll

    Filesize

    160KB

    MD5

    58ef422267739f7ba81e81bd4bb63f57

    SHA1

    03a3bbeb2753c04bf3bdff8dac9bca2b2613c488

    SHA256

    2ef3e5aa37e2467df187c7a838bd6a77b4509b9885cdaa9201774c330e71e22f

    SHA512

    5373aad18fb2858a9245ac76174842f279511c00b5188791ed885d02b0c648d9811167f4fa3a537a31b67b199fdc6fbd7041e16177ddfc3410e5f29105c4c519

  • memory/1656-132-0x0000000000000000-mapping.dmp