Overview

overview

8

Static

static

3

08f5d1a05d...6c.exe

windows7-x64

8

08f5d1a05d...6c.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    142s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-12-2023 17:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    08f5d1a05d860f1fffe51c04ff266f6c.exe

  • Size

    24KB

  • MD5

    08f5d1a05d860f1fffe51c04ff266f6c

  • SHA1

    103d0d83cc61950abd9a165fb5c11e95c0128cf4

  • SHA256

    cfe1db58d45cd01cf2362e48cd09c2f1a9d7a60b0ede7d6a7eb3c11bc33bfb1a

  • SHA512

    6c10806f745238ed3d2373849ba9216116cc3a85e0f41a092ee616a1b4e93e3fa37140259ff53e2e1d4807f7b8efb981201acb3248b9729d7c7d2415c43812f4

  • SSDEEP

    768:UbygN8hKoVctW0c+LY2U3XcxyyHTC0epVUtmg:9cqrVio0Ydjyr13

Score
8/10
adwarediscoverystealer

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 3 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 16 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 2 IoCs
    stealer
  • Modifies registry class 18 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\08f5d1a05d860f1fffe51c04ff266f6c.exe
    "C:\Users\Admin\AppData\Local\Temp\08f5d1a05d860f1fffe51c04ff266f6c.exe"
    1⤵
    • Drops file in Drivers directory
    • Checks computer location settings
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:516
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\eadc.bat "C:\Users\Admin\AppData\Local\Temp\08f5d1a05d860f1fffe51c04ff266f6c.exe"
      2⤵
        PID:64

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UG0DPB4T\19.043.0304[1].json
      Filesize

      1B

      MD5

      93b885adfe0da089cdf634904fd59f71

      SHA1

      5ba93c9db0cff93f52b521d7420e43f6eda2784f

      SHA256

      6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

      SHA512

      b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\eadc.bat
      Filesize

      70B

      MD5

      677931564938373367422e56cdf23934

      SHA1

      fb077020992d9fa49a901d3b64c3d9ce5bb88b35

      SHA256

      2d8efe1526fa203539bc77da8570b4cb38d5a63836a76d2379b7b506d0a67ee0

      SHA512

      808e177716911a5b975449b55df4fe1fc97cdb929be621fe541a7dfe7dce3362039214fe1ab4760c4d67aafe8a12308d04e5a40dc028b848c154f3e3f2d120ba

      Download Submit

    • C:\Windows\SysWOW64\peoehf.dll
      Filesize

      31KB

      MD5

      00d4bd9ccaaa70133eaaac0c1fc31979

      SHA1

      577fcaf44328e2a585822171c6321db5f0901341

      SHA256

      4a24d6ae5b816e2e2502b805f1d19bac857d67a64911acee4a211c864168620b

      SHA512

      8a79c36ed3bd5eca6bbc53c46b43189702acfc69743e9f1e4b849d08940d34eef1a0d00b354da7252a8e877e04716ceed42a6e0c2237044c2a836b0afcab742c

      Download Submit

    • memory/516-6-0x0000000010000000-0x000000001000B000-memory.dmp

      Filesize

      44KB

      Download

    • memory/516-13-0x0000000075690000-0x0000000075AE0000-memory.dmp

      Filesize

      4.3MB

      Download

    • memory/516-14-0x0000000000400000-0x0000000000414000-memory.dmp

      Filesize

      80KB

      Download

    • memory/516-16-0x0000000075690000-0x0000000075AE0000-memory.dmp

      Filesize

      4.3MB

      Download

    • memory/516-18-0x0000000000400000-0x0000000000414000-memory.dmp

      Filesize

      80KB

      Download

    • memory/516-70-0x0000000075690000-0x0000000075AE0000-memory.dmp

      Filesize

      4.3MB

      Download