Overview

overview

9

Static

static

9

cdc496a1bc...6c.dll

windows7-x64

9

cdc496a1bc...6c.dll

windows10-2004-x64

9

Analysis

  • max time kernel
    135s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/12/2022, 07:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cdc496a1bc0c2b99e7e267a51937e1b5191eab820e8985742b746c361b35be6c.dll

  • Size

    150KB

  • MD5

    44cd3b5529f074b2baa39c5ac6f0748a

  • SHA1

    10775048a2fe7c96107b353afa7cdb8a07187585

  • SHA256

    cdc496a1bc0c2b99e7e267a51937e1b5191eab820e8985742b746c361b35be6c

  • SHA512

    284a1c65f29b3f6fdd2dba9b1fa0de313e91143a1fbdc59b77d4bea53cba8a6148c2362431bde6f65cea0daeb8df73ff2482383bf98dc89171f2140cd9da6acb

  • SSDEEP

    3072:28UWFHc46dYAaL3qHdkPh8DTe8LT1pfi3O9ZbVvjN8kj:28bFHcuLaHdqem8fiqVvjNTj

Score
9/10
adwarestealerupx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 2 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 17 IoCs
    adwarespyware
  • Modifies registry class 51 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\cdc496a1bc0c2b99e7e267a51937e1b5191eab820e8985742b746c361b35be6c.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1424
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\cdc496a1bc0c2b99e7e267a51937e1b5191eab820e8985742b746c361b35be6c.dll,#1
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Drops file in System32 directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:4088

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\nbwebsafe.dll
    Filesize

    52KB

    MD5

    d96891279495d565ba852b6615070316

    SHA1

    a9612a47959124f1242278bb89b37a7c568125aa

    SHA256

    7fd7dac892255b440672854730295b3ca69faefc600715a44ab930d7584fca00

    SHA512

    0ed55d9270645c66ae84ae1d13a542b669c0bd5f7068f2db19c60ea880c6a4b25f708671027cc70a69233ae2af5c4d7f312c34d6bf471d81671f65cd05247448

    Download Submit

  • C:\Windows\SysWOW64\nbwebsafe.dll
    Filesize

    52KB

    MD5

    d96891279495d565ba852b6615070316

    SHA1

    a9612a47959124f1242278bb89b37a7c568125aa

    SHA256

    7fd7dac892255b440672854730295b3ca69faefc600715a44ab930d7584fca00

    SHA512

    0ed55d9270645c66ae84ae1d13a542b669c0bd5f7068f2db19c60ea880c6a4b25f708671027cc70a69233ae2af5c4d7f312c34d6bf471d81671f65cd05247448

    Download Submit

  • memory/4088-133-0x0000000010000000-0x0000000010053000-memory.dmp

    Filesize

    332KB

    Download

  • memory/4088-136-0x00000000011C0000-0x00000000011E3000-memory.dmp

    Filesize

    140KB

    Download

  • memory/4088-137-0x00000000011C0000-0x00000000011E3000-memory.dmp

    Filesize

    140KB

    Download