Analysis

  • max time kernel
    23s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/12/2022, 08:38

General

  • Target

    bf8814197ecf17a0edc0349da6a04840826138d69e490b4c40c4cc1837a8e179.exe

  • Size

    204KB

  • MD5

    afdb49e7d001c9da644c41f962d55bf4

  • SHA1

    7c1e40cc002d44b9b007b96684b190b03522e3b2

  • SHA256

    bf8814197ecf17a0edc0349da6a04840826138d69e490b4c40c4cc1837a8e179

  • SHA512

    234a2ffe90e33bc78dd9a219a725d2d0d586200c6d1d45399f91ee80673e7361a04f96caeabde6cc3b680b0e7934589c66911a440aa0eb6a50a2235037155df8

  • SSDEEP

    6144:QBmcgGlfktsafF0isD2JGlyRrUXPei+m:wgGOtf90isaAQRqPn

Malware Config

Signatures

  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Installs/modifies Browser Helper Object (2 TTPs, 2 IoCs)

    BHOs are DLL modules that Internet Explorer loads as plugins at start-up; registering one gives the sample code execution inside the browser process every time IE runs, so it doubles as a persistence mechanism.

  • Drops file in System32 directory (1 IoC)
  • Drops file in Windows directory (1 IoC)
  • Modifies registry class (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (9 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (14 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf8814197ecf17a0edc0349da6a04840826138d69e490b4c40c4cc1837a8e179.exe
    "C:\Users\Admin\AppData\Local\Temp\bf8814197ecf17a0edc0349da6a04840826138d69e490b4c40c4cc1837a8e179.exe"
    1⤵
    • Adds Run key to start application
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\Windows\SysWOW64\regsvr32.exe
      C:\Windows\system32\regsvr32.exe /s C:\Windows\system32\bbdt2511.ocx
      2⤵
        PID:1136
      • C:\Windows\SysWOW64\regsvr32.exe
        regsvr32.exe /s C:\Windows\bbdt5818.dll
        2⤵
          PID:432
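The process tree above shows the sample dropping two COM servers and registering them silently with `regsvr32 /s`, one under the system directory and one directly under `C:\Windows`. The script below is an added host-triage example, not part of the sandbox report and not the sample's own code: it walks the standard Browser Helper Object registration keys (both the native and the Wow6432Node views, since the sample is 32-bit), resolves each CLSID to its InprocServer32 DLL, hashes it, and flags anything whose name or SHA256 matches the artifacts in this report; it then lists Run-key entries for manual review. Assumptions not stated in the report: that the BHO was registered under the usual HKLM `Browser Helper Objects` key (the report only says one was installed), and that the four-digit suffix in `bbdt2511.ocx` / `bbdt5818.dll` may vary between runs, which is why the name check uses a `bbdt????.*` wildcard.

```powershell
# Added triage script (example, not from the report). Run in an elevated PowerShell
# on a host suspected of having executed this sample.

# Hashes copied from the report's Downloads section; both dropped files hash identically.
$KnownSha256 = @{
    'bbdt2511.ocx' = '907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9'
    'bbdt5818.dll' = '907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9'
}

# Assumption: BHO registered under the standard keys. Both registry views are checked
# because a 32-bit sample on x64 writes to Wow6432Node.
$BhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Resolve-BhoServer {
    param([string]$Clsid)
    # A BHO subkey is named by CLSID; the DLL path is the default value of InprocServer32.
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
        $key = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path $key) {
            $path = (Get-ItemProperty -Path $key).'(default)'
            if ($path) { return [Environment]::ExpandEnvironmentVariables($path) }
        }
    }
    return $null
}

function Find-SuspiciousBho {
    $findings = @()
    foreach ($bhoKey in $BhoKeys) {
        if (-not (Test-Path $bhoKey)) { continue }
        foreach ($sub in Get-ChildItem -Path $bhoKey) {
            $clsid = $sub.PSChildName
            $dll   = Resolve-BhoServer -Clsid $clsid
            if (-not $dll) { continue }
            $name  = [IO.Path]::GetFileName($dll)
            $hash  = if (Test-Path $dll) {
                         (Get-FileHash -Path $dll -Algorithm SHA256).Hash.ToLower()
                     } else { 'missing' }
            # Match on exact dropped name, on hash, or on the assumed bbdt<4 digits> pattern.
            $hit = $KnownSha256.ContainsKey($name) -or
                   ($KnownSha256.Values -contains $hash) -or
                   ($name -like 'bbdt????.*')
            $findings += [pscustomobject]@{
                Clsid = $clsid; Path = $dll; Sha256 = $hash; MatchesReport = $hit
            }
        }
    }
    return $findings
}

function Get-RunKeyEntries {
    # The report records a Run-key addition but not its name or value, so list every
    # entry for review rather than guessing a specific value name.
    foreach ($run in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                     'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
                     'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
        if (-not (Test-Path $run)) { continue }
        $props = Get-ItemProperty -Path $run
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath etc.)
            [pscustomobject]@{ Key = $run; Name = $p.Name; Command = $p.Value }
        }
    }
}

Find-SuspiciousBho  | Format-Table -AutoSize
Get-RunKeyEntries   | Format-Table -AutoSize
```

A BHO entry whose InprocServer32 resolves to a file directly under `C:\Windows` (as `bbdt5818.dll` does here) rather than under `System32`/`SysWOW64` or a Program Files directory is a useful standalone indicator even when the hash has changed.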

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Windows\SysWOW64\bbdt2511.ocx
    Filesize
    9B
    MD5
    d8f4a1993546cc4b850cde3599e27aec
    SHA1
    094b763b4cfcc0b05e5d040581cd513c3ca08067
    SHA256
    907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
    SHA512
    7c696247f98aa6fe4e1df001fd6029abbbccf45b122d65dfdede8f8a400cda775387c657f96bd1e4e52da7409187892b1f0786c54d835d2e44227b2e1335eaf6

  • C:\Windows\bbdt5818.dll
    Filesize
    9B
    MD5
    d8f4a1993546cc4b850cde3599e27aec
    SHA1
    094b763b4cfcc0b05e5d040581cd513c3ca08067
    SHA256
    907ba78b4545338d3539683e63ecb51cf51c10adc9dabd86e92bd52339f298b9
    SHA512
    7c696247f98aa6fe4e1df001fd6029abbbccf45b122d65dfdede8f8a400cda775387c657f96bd1e4e52da7409187892b1f0786c54d835d2e44227b2e1335eaf6

    Both dropped files are 9 bytes and carry identical MD5/SHA1/SHA256/SHA512 values, so they are the same content written under two names; a 9-byte file is not a loadable COM server, which is consistent with neither regsvr32 child reporting any signature hits. Note also that the first file was written to SysWOW64 although the regsvr32 command line names C:\Windows\system32: the sample is 32-bit (arch:x86, SysWOW64\regsvr32.exe), so WOW64 file-system redirection maps system32 to SysWOW64 for its writes.

  • memory/1988-56-0x0000000076171000-0x0000000076173000-memory.dmp
    Filesize
    8KB