ab5c91dff5d64f2a1d624f33df93c303b43effc39a3261f5c8facd18fdb01fe5

Analysis

max time kernel
41s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 16:07

Sharing

Copy URL

Twitter E-mail

Reason

Reading agent response: Timeout while submitting payload

Report Analysis Logs

General

Target

ab5c91dff5d64f2a1d624f33df93c303b43effc39a3261f5c8facd18fdb01fe5.exe
Size

15KB
MD5

6b492ee589c5bf3f3a1cfb3228924a91
SHA1

d9b776d0aaf78b7fa92f6156c91778a840c16725
SHA256

ab5c91dff5d64f2a1d624f33df93c303b43effc39a3261f5c8facd18fdb01fe5
SHA512

d5a931955567ed90ee8852e8bf0aa1b3c9d2b916bb597d36cac6e80f9676f83ea36a11207c7be364c4e97701c00784ca9b81518cb51daf83b1d38e5170314ca5
SSDEEP

384:P2BmcH+HUWI+WCkKW3a7FTZ7YUWogv0vELa:eBmyUErcY1ogkE+

Score

8^/10

adware stealer upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1004-54-0x0000000000400000-0x0000000000409000-memory.dmp	upx

Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF3A4E11-2F63-35EF-D6BC-F3646308105D}	ab5c91dff5d64f2a1d624f33df93c303b43effc39a3261f5c8facd18fdb01fe5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{AF3A4E11-2F63-35EF-D6BC-F3646308105D}\ = "Data Tracker"	ab5c91dff5d64f2a1d624f33df93c303b43effc39a3261f5c8facd18fdb01fe5.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\gowtae32.dll	ab5c91dff5d64f2a1d624f33df93c303b43effc39a3261f5c8facd18fdb01fe5.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main	ab5c91dff5d64f2a1d624f33df93c303b43effc39a3261f5c8facd18fdb01fe5.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Internet Explorer\Main\Enable Browser Extensions = "yes"	ab5c91dff5d64f2a1d624f33df93c303b43effc39a3261f5c8facd18fdb01fe5.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AF3A4E11-2F63-35EF-D6BC-F3646308105D}\InProcServer32	ab5c91dff5d64f2a1d624f33df93c303b43effc39a3261f5c8facd18fdb01fe5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node	ab5c91dff5d64f2a1d624f33df93c303b43effc39a3261f5c8facd18fdb01fe5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	ab5c91dff5d64f2a1d624f33df93c303b43effc39a3261f5c8facd18fdb01fe5.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AF3A4E11-2F63-35EF-D6BC-F3646308105D}	ab5c91dff5d64f2a1d624f33df93c303b43effc39a3261f5c8facd18fdb01fe5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AF3A4E11-2F63-35EF-D6BC-F3646308105D}\InProcServer32\ = "C:\\Windows\\SysWow64\\gowtae32.dll"	ab5c91dff5d64f2a1d624f33df93c303b43effc39a3261f5c8facd18fdb01fe5.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AF3A4E11-2F63-35EF-D6BC-F3646308105D}\InProcServer32\ThreadingModel = "Apartment"	ab5c91dff5d64f2a1d624f33df93c303b43effc39a3261f5c8facd18fdb01fe5.exe

C:\Users\Admin\AppData\Local\Temp\ab5c91dff5d64f2a1d624f33df93c303b43effc39a3261f5c8facd18fdb01fe5.exe
"C:\Users\Admin\AppData\Local\Temp\ab5c91dff5d64f2a1d624f33df93c303b43effc39a3261f5c8facd18fdb01fe5.exe"
1⤵
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Modifies registry class
PID:1004

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1004-54-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads