Overview

overview

6

Static

static

cb77944660...6f.dll

windows7-x64

6

cb77944660...6f.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    185s
  • max time network
    195s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-12-2022 03:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cb779446600402fa7f5cf0a5b4b15eb8ea27bf200141a7f2cdf313e7d6d68a6f.dll

  • Size

    374KB

  • MD5

    84f789900628b350a7e0e28b6aca58a9

  • SHA1

    19fe4b9111bb6d3fecf2b4d28941056bc2416ee7

  • SHA256

    cb779446600402fa7f5cf0a5b4b15eb8ea27bf200141a7f2cdf313e7d6d68a6f

  • SHA512

    16ea706a319610e59db8ac8dc9ef38c6f008ac7ccacbef640d2030dc0d9315edff119a78fe66a5909bfae02f0b696555ca2b03ab683fc634652224669d16a200

  • SSDEEP

    6144:F9alH6kApcfgM0frvw/f7/zKLR52OCgToSf8k2pEvqyYP/dXPPF0Tn/sVt6xvjS:CNZrN+wnaF52OC+f8dioP1XGTn/qgvu

Score
6/10
adwarestealer

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cb779446600402fa7f5cf0a5b4b15eb8ea27bf200141a7f2cdf313e7d6d68a6f.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3792
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\cb779446600402fa7f5cf0a5b4b15eb8ea27bf200141a7f2cdf313e7d6d68a6f.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1660

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1660-132-0x0000000000000000-mapping.dmp

    Download

  • memory/1660-134-0x0000000001F80000-0x0000000002119000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1660-133-0x0000000001F80000-0x0000000002119000-memory.dmp

    Filesize

    1.6MB

    Download