Overview

overview

7

Static

static

3

7238919053...7c.exe

windows7-x64

7

7238919053...7c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/12/2023, 13:24

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7238919053a402f5be4531891041417c.exe

  • Size

    121KB

  • MD5

    7238919053a402f5be4531891041417c

  • SHA1

    09c38e204df82ed2b2a75ff3c479c49ec3af6ea9

  • SHA256

    ca8a93c5292a120e78fdc681b00714554904a574eeb4bceff9f9f2ea8e6e8d0b

  • SHA512

    1bb6c34bd0cf7d22eee54f60fad49e1f5ac880769f1a98309b840b2eec91a0aff09d34bcad6c6d6c93ffb9baba6d247093f5f625920a8b9c84e1f555ba938ecc

  • SSDEEP

    3072:1KQXtg/sDHmJ945yBjDJT8TREntp0U2BupCv/bX//FObti:1NpujT8dYH0UIuc3h4Y

Score
7/10
adwarestealer

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in Windows directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 41 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7238919053a402f5be4531891041417c.exe
    "C:\Users\Admin\AppData\Local\Temp\7238919053a402f5be4531891041417c.exe"
    1⤵
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2536
    • C:\Windows\SysWOW64\regsvr32.exe
      "regsvr32.exe" "C:\Windows\AMD\google.dll" /s
      2⤵
      • Loads dropped DLL
      • Drops file in Windows directory
      • Modifies registry class
      PID:4884

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsx7F73.tmp\System.dll
          Filesize

          10KB

          MD5

          bf01b2d04e8fad306ba2f364cfc4edfa

          SHA1

          58f42b45ca9fc1818c4498ecd8bac088d20f2b18

          SHA256

          d3f9c99e0c1c9acd81a1b33bc3dbd305140def90d10485c253cf1d455f0dc903

          SHA512

          30ca1663d659c5efac7fed3d1aaba81c47d5d5fda77f30f021124c882b858732e17f917bfd0aa3ee7b269fad86e75b1b9388d8f916e7a4e2c9961669f2c772e7

          Download Submit

        • C:\Windows\AMD\google.dll
          Filesize

          156KB

          MD5

          167a3de239998ea3de7cc8021da62cd8

          SHA1

          39e15fcafeb14a193df175ac28af9ce09664c4aa

          SHA256

          6a8de3ea76e3ca2e1d88d7c8544535454968f618d30a47a939d56c414fdec4d9

          SHA512

          dfdc7a5e3e9320164fcc4fe9936ee81cab5efc88ecf2fc686dd52d8d03394f90e7edd3491018b98b24f88bf1bb34490e22fc7e649a68ea0fcfc2bfb04627c104

          Download Submit

        • C:\Windows\AMD\google.dll
          Filesize

          92KB

          MD5

          713f7c09c9e6ba3649ed3bce5d72b716

          SHA1

          a5b852c136ba5624fffa4fcfaac43f1ac3aa512a

          SHA256

          13ed17c09fa56fe5af1762e0c387790a09543ac461fe2c01d39da2efbfa7674f

          SHA512

          34d2744f2d175bdf0abc61fbe172105a610ea7c5d039e6b3f5af5792d0adf38213f797fadcc9dbf225782598466c37f21bf98e4478cbc42c552c7d514e101bb0

          Download Submit

        • memory/2536-13-0x00000000024F0000-0x0000000002519000-memory.dmp

          Filesize

          164KB

          Download