Overview

overview

7

Static

static

3

1b3d6761c4...79.exe

windows7-x64

7

1b3d6761c4...79.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    130s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-12-2023 23:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1b3d6761c4d5a29ba06662bcfb948f79.exe

  • Size

    153KB

  • MD5

    1b3d6761c4d5a29ba06662bcfb948f79

  • SHA1

    353c0da8a89592377c5e3aed876360de3a5e23df

  • SHA256

    3d520333c062cd604b56557d35621f619b4d977db508ad341dd58787f1de26c5

  • SHA512

    d3375467b7cafe0e3da6dde7f24b87c8c744720b0ec9c6ad8ad98a4a2ca57a037ec8d866988135504ff14ad1b603ec0be0b24a9875a7d0abf83f585ec102ba73

  • SSDEEP

    3072:/pAn63wDSVI+XDdqAztqlpCL1CrsJFHEKQ/wyYHKuizxaZD1kZO+qJc+C:/pAnLDSVB5ZqlpCL1CekDwFq3zihcO+1

Score
7/10
adwarestealerupx

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b3d6761c4d5a29ba06662bcfb948f79.exe
    "C:\Users\Admin\AppData\Local\Temp\1b3d6761c4d5a29ba06662bcfb948f79.exe"
    1⤵
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    PID:680

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\BTAGServic.dll
    Filesize

    51KB

    MD5

    4e3ba810a0891f46c54e7b61193e77ca

    SHA1

    656ddaf8d479372c9eafedd47f98bba7c07abac4

    SHA256

    f1ab0a36fb89806e45926e5bd31243ac2e674f99ed8787ff04e17bc0eb4beb68

    SHA512

    1d16b7520745a3cea85bbb19a82a99e052626b27a2400bcd4e69bfe38f8300563e724179d6fd66a81c176f6e394aa77a15657db3fcd089c18346030f2fefb867

    Download Submit

  • C:\Windows\SysWOW64\BTAGServic.dll
    Filesize

    36KB

    MD5

    8eaeedd3c8be2af1a50454e5f1080046

    SHA1

    0a3ef046190114fac65071cdfeeb3153d948f5f9

    SHA256

    a0b88e045a548aa4cfe6de92b308f52d1295f1fea9647363443e1d4bb402213b

    SHA512

    5fca203965ed54776cec22680009912acdc167baac569a23ccef8e253a667a2017070463e9e3592a5240415a8fb4121d0fe8565d51c439c5e0917c9a4f7f59b5

    Download Submit

  • memory/680-2-0x00000000005D0000-0x00000000005F4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/680-8-0x00000000021B0000-0x00000000021F0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/680-7-0x00000000021B0000-0x00000000021F0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/680-4-0x00000000021B0000-0x00000000021F0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/680-10-0x00000000005D0000-0x00000000005F4000-memory.dmp

    Filesize

    144KB

    Download

  • memory/680-9-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB

    Download