Analysis

  • max time kernel
    0s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/12/2023, 16:26

General

  • Target

    7c9172b18543f697525c4d7314d3a23a.exe

  • Size

    161KB

  • MD5

    7c9172b18543f697525c4d7314d3a23a

  • SHA1

    ab2875e039b5a4cf466128f63234e0a279cdf61e

  • SHA256

    75fcc9aa30238b16e1c23bde007bef2248b0638e6f419252a80dc887ef05a3ef

  • SHA512

    25c5cc367ea0d5db639cf406819dd0cd0276e874d204a6351a6bf475fabc1453386f862477975ddf3de66f1fdc322a3e68b0a68c0f77b54ab79b72c82401c612

  • SSDEEP

    3072:1HIENA6jJVHO585ZI/0gPQLUmTw4Pf/W8WzQJJ5ozie:ym9VHQWgPQL1rne86kJ5e

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory 7 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 30 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs
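The "UPX packed file" signature above rests on well-known UPX artefacts: section names UPX0/UPX1, the "UPX!" marker, and a first section with no raw data (reserved for the unpacked image) followed by a high-entropy section holding the compressed payload. The Python below is an added example, not Tria.ge's detector and not the sample itself: it walks the PE section table of constructed in-memory images to check those indicators, and computes the MD5/SHA1/SHA256 digests that the General section lists. The three fixtures it builds (a UPX layout, the same layout with renamed sections, and a plain image) are constructed for the example.

```python
"""Static check for the 'UPX packed file' signature (added example, not Tria.ge's own
detector): parse the PE section table and look for the UPX section names, the 'UPX!'
marker, and UPX's layout of an empty first section followed by a high-entropy one,
which survives a modified UPX that renames the sections. The PE images below are
constructed fixtures, not the sample from the report."""
import hashlib
import math
import struct
from collections import Counter, namedtuple

Section = namedtuple("Section", "name virtual_size raw_size raw_ptr")
UPX_NAMES = {"UPX0", "UPX1", "UPX2"}

def pe_sections(data: bytes) -> list:
    """Walk the PE headers to the section table; raises ValueError on a non-PE buffer."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER follows the signature
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size              # section table follows the optional header
    out = []
    for i in range(num_sections):
        name, vsize, _va, rsize, rptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        out.append(Section(name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize, rptr))
    return out

def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())

def upx_indicators(data: bytes) -> list:
    """Return the reasons the image looks UPX-packed (empty list means none found)."""
    secs = pe_sections(data)
    hits = [f"section named {s.name}" for s in secs if s.name in UPX_NAMES]
    if b"UPX!" in data:
        hits.append("'UPX!' marker present")
    # Layout heuristic: UPX reserves an empty section for the unpacked image and stores
    # the compressed payload in the next one, so the first section has no raw data.
    if len(secs) >= 2 and secs[0].raw_size == 0 and secs[0].virtual_size > 0:
        payload = data[secs[1].raw_ptr:secs[1].raw_ptr + secs[1].raw_size]
        ent = shannon_entropy(payload)
        if ent > 7.0:   # threshold chosen for this example
            hits.append(f"empty first section, high-entropy second section ({ent:.2f} bits/byte)")
    return hits

def looks_upx_packed(data: bytes) -> bool:
    return bool(upx_indicators(data))

def hash_summary(data: bytes) -> dict:
    """The same digests the report lists for the sample and the dropped files."""
    return {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")}

def build_sample_pe(sections) -> bytes:
    """Assemble a minimal x86 PE from (name, raw_bytes, virtual_size) triples.
    Constructed test fixture only; it is not a loadable executable."""
    opt_size = 0xE0
    table_off = 0x40 + 4 + 20 + opt_size
    data_off = (table_off + 40 * len(sections) + 0x1FF) & ~0x1FF   # 0x200 file alignment
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)             # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)          # PE32 magic, rest zero
    table, payload, ptr = b"", b"", data_off
    for name, raw, vsize in sections:
        table += struct.pack("<8sIIIIIIHHI", name, vsize, 0, len(raw), ptr if raw else 0,
                             0, 0, 0, 0, 0x60000020)
        payload += raw
        ptr += len(raw)
    img = dos + coff + opt + table
    return img + b"\0" * (data_off - len(img)) + payload

# Fixtures (constructed): a UPX layout, the same layout with renamed sections, and a
# plain image that must not be flagged.
COMPRESSED = bytes(range(256)) * 4                                   # entropy exactly 8.0
UPX_SAMPLE = build_sample_pe([(b"UPX0", b"", 0x10000), (b"UPX1", b"UPX!" + COMPRESSED, 0x1000),
                              (b".rsrc", b"\0" * 64, 64)])
RENAMED_SAMPLE = build_sample_pe([(b".code", b"", 0x10000), (b".data", COMPRESSED, 0x1000)])
PLAIN_SAMPLE = build_sample_pe([(b".text", b"\x90" * 0x200, 0x200), (b".data", b"\0" * 0x100, 0x100)])

if __name__ == "__main__":
    for label, img in (("upx", UPX_SAMPLE), ("renamed", RENAMED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, hash_summary(img)["sha256"][:16], upx_indicators(img))
```

A modified UPX that renames its sections and strips the marker still trips the layout heuristic, which is why the renamed fixture is flagged on that indicator alone. The 7.0 bits/byte threshold is a choice made for this example and fires on any compressed or encrypted payload, so it is a triage hint, not proof of UPX; the section-name and marker hits are the stronger evidence.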

Processes

  • C:\Users\Admin\AppData\Local\Temp\7c9172b18543f697525c4d7314d3a23a.exe
    "C:\Users\Admin\AppData\Local\Temp\7c9172b18543f697525c4d7314d3a23a.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2924
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" /s C:\Windows\system32\eyfwin.dll
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:2404
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://configupdatestart.com/bind2.php?id=3913137
      2⤵
        PID:2664
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2
      1⤵
        PID:2484
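In the tree above, the sample (PID 2924) runs from the user's Temp directory, spawns regsvr32 /s on C:\Windows\system32\eyfwin.dll, and opens Internet Explorer on http://configupdatestart.com/bind2.php?id=3913137. Two details matter for detection: the sample is 32-bit, so WOW64 file-system redirection sends its system32 write to SysWOW64 (which is why the Downloads section lists \Windows\SysWOW64\eyfwin.dll and the process image is SysWOW64\regsvr32.exe), and a 32-bit BHO registration lands under the Wow6432Node keys. The Python below is an added example, not part of the sandbox report: it correlates constructed process-creation events mirroring this tree with a constructed registry snapshot. The explorer.exe parent (PID 1200), the benign vendor installer and the BHO CLSID are invented fixtures; the report does not give the CLSID.

```python
"""Detection for the chain in the process tree above (added example, not part of the
sandbox report): a binary launched from the user's Temp directory silently registers a
DLL under the Windows directory with regsvr32 /s, that DLL turns up as a Browser Helper
Object, and the same dropper opens Internet Explorer on a URL. Events and registry
snapshot are constructed to mirror the report; the explorer.exe parent (PID 1200), the
vendor installer and the BHO CLSID are invented fixtures."""
import re

USER_WRITABLE = re.compile(r"^[a-z]:\\users\\[^\\]+\\(appdata|downloads|desktop|documents)\\", re.I)
SYSTEM_DIRS = re.compile(r"^[a-z]:\\windows\\(system32|syswow64)\\", re.I)
DLL_ARG = re.compile(r'([a-z]:\\[^"]+?\.dll)', re.I)

def resolve_wow64(path: str, is_wow64: bool) -> str:
    """A 32-bit process on x64 has C:\\Windows\\System32 redirected to SysWOW64."""
    if not is_wow64:
        return path
    return re.sub(r"(?i)^([a-z]:\\windows\\)system32\\", r"\1SysWOW64\\", path)

def parse_regsvr32(cmdline: str):
    """Return (silent, dll_path) for a regsvr32 command line, None if it is not one."""
    m = re.search(r'regsvr32(?:\.exe)?"?', cmdline, re.I)
    if not m:
        return None
    rest = cmdline[m.end():]
    silent = re.search(r"(?:^|\s)/s\b", rest, re.I) is not None
    dll = DLL_ARG.search(rest)
    return silent, (dll.group(1) if dll else None)

def bho_dlls(registry: dict) -> dict:
    """Map each BHO CLSID to the DLL its InprocServer32 default value points at,
    looking in both the native and the Wow6432Node CLSID hives."""
    out = {}
    for key in registry:
        m = re.search(r"\\Browser Helper Objects\\(\{[0-9a-f-]+\})$", key, re.I)
        if not m:
            continue
        for hive in (r"HKCR\CLSID", r"HKCR\Wow6432Node\CLSID"):
            srv = registry.get(hive + "\\" + m.group(1) + r"\InprocServer32", {})
            if "" in srv:
                out[m.group(1)] = srv[""]
    return out

def detect(events: list, registry: dict) -> list:
    """Correlate process-creation events with the registry snapshot; returns findings."""
    by_pid = {e["pid"]: e for e in events}
    bhos = {v.lower(): k for k, v in bho_dlls(registry).items()}
    findings = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        from_user_dir = bool(parent and USER_WRITABLE.match(parent["image"]))
        reg = parse_regsvr32(e["cmdline"])
        if reg and reg[0] and reg[1] and from_user_dir and SYSTEM_DIRS.match(reg[1]):
            on_disk = resolve_wow64(reg[1], e["wow64"])
            findings.append(dict(pid=e["pid"], rule="silent_regsvr32_from_user_dir",
                                 detail=f"{reg[1]} (on disk: {on_disk})"))
            if on_disk.lower() in bhos:
                findings.append(dict(pid=e["pid"], rule="dropped_dll_registered_as_bho",
                                     detail=bhos[on_disk.lower()]))
        url = re.search(r"\s(https?://\S+)", e["cmdline"], re.I)
        if from_user_dir and url and "iexplore.exe" in e["image"].lower():
            findings.append(dict(pid=e["pid"], rule="dropper_launched_browser", detail=url.group(1)))
    return findings

# Constructed events mirroring the report's tree (parent PID 1200 and PID 3100 are invented).
EVENTS = [
    dict(pid=2924, ppid=1200, wow64=True, image=r"C:\Users\Admin\AppData\Local\Temp\7c9172b18543f697525c4d7314d3a23a.exe",
         cmdline=r'"C:\Users\Admin\AppData\Local\Temp\7c9172b18543f697525c4d7314d3a23a.exe"'),
    dict(pid=2404, ppid=2924, wow64=True, image=r"C:\Windows\SysWOW64\regsvr32.exe",
         cmdline=r'"C:\Windows\System32\regsvr32.exe" /s C:\Windows\system32\eyfwin.dll'),
    dict(pid=2664, ppid=2924, wow64=False, image=r"C:\Program Files\Internet Explorer\iexplore.exe",
         cmdline=r'"C:\Program Files\Internet Explorer\iexplore.exe" http://configupdatestart.com/bind2.php?id=3913137'),
    dict(pid=2484, ppid=2664, wow64=True, image=r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         cmdline=r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2'),
    dict(pid=3100, ppid=900, wow64=False, image=r"C:\Windows\System32\regsvr32.exe",   # benign installer, must not fire
         cmdline=r'"C:\Windows\System32\regsvr32.exe" /s "C:\Program Files\Vendor\vendor.dll"'),
]
# Constructed registry snapshot; the CLSID is invented, the report does not give it.
REGISTRY = {
    r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}": {},
    r"HKCR\Wow6432Node\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32": {"": r"C:\Windows\SysWOW64\eyfwin.dll"},
}

if __name__ == "__main__":
    for f in detect(EVENTS, REGISTRY):
        print(f["pid"], f["rule"], f["detail"])
```

The benign installer is not flagged because its parent is not in a user-writable directory and its DLL is not under System32; the child IEXPLORE.EXE (PID 2484) is not flagged because its parent is the trusted iexplore.exe, not the dropper. The parent-location check is what keeps the rule from firing on every silent regsvr32 /s that legitimate installers run.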

Network

MITRE ATT&CK Enterprise v15

Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        a05829ad9a1e71563dfea34ac359db7d

        SHA1

        3d8c03c3594b8c94a2deb8f4a67c53afd7db7e3b

        SHA256

        735e04f088e02c4a28f87ea22089f03760aad99c6cf1d575b29bd3f5716029c0

        SHA512

        2acbf0a7e01007e17312a3e1681e0a8ceece0b2a18abbf2e2e5e09076fad9edd05dce0cd4ef13e72cfa19de1af520c3f5e7fd372c14f87146faf2e5bedcf8e1e

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        a1635c58d736fdf26c4f5a8f24edfdc7

        SHA1

        25c1335feb9994c86b3b0b5bc93b2164517e26fa

        SHA256

        b59c88404fc06355e9ed2fbbafe408fcbc7d15f1e44d63720444049d03eeee43

        SHA512

        f09ea7663939b62b69bd5314a0c9e2d8bff52d904f9d30ce11e394c5a3b22488eec76d81ec32ebfd0ce6dbeb7966bff9cfbd039b8b368a87e28bfed199ae4c5f

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        1b0680664fbe1740882776655610e31a

        SHA1

        0aa30aad3b8b13a763a4073604b34b15548e1be1

        SHA256

        298908380e9b4b52ea8de682c013fa0ba3d0f10311cf6b82b35481c22fb1640a

        SHA512

        735cd17ff8e758cdff8c51d963012d18a01e0df5427928c75a46e4c31564749bd9803eb50ae1f1e62d95312467acdb18692cab572b82d9f47ea6a9e86802e11a

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        8c93aef911dbab3f6d22a64f25098127

        SHA1

        6c4da118de5608e66d633f7b791f8619906fa5d8

        SHA256

        8016be502cd4eef3be5f0f41857a229b244b748a4227e7d45d4b780214865be1

        SHA512

        62fee77b5178467328af4115ef80192eb45872ffedca4f4f2b2040985108ba6597f91dcbca7b7535e3700dd36aaa425303bd9341d85ad341878566e467c4a6a7

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

        Filesize

        344B

        MD5

        b2a46558019d89196d2e52694265080f

        SHA1

        89bf0c40357ba3b3e749937fa637abb0a3c2ef9b

        SHA256

        3e1f09a09f36c82e8de6cafe18a3a868ca0e034acf1583977ec3ab2dfa1d3aed

        SHA512

        191c227a3a9e80c7745da73fa09113dd675c7d491d11c58f89bd5ad12018029841bb4404f09dc32aae474ffeae22dba7b04b8041acb03272f2068b260de57d02

      • \Windows\SysWOW64\eyfwin.dll

        Filesize

        272KB

        MD5

        350389796f77883f91933203ca6aa448

        SHA1

        49c470a38b7e48a4b9a673580f22b4aa8268016d

        SHA256

        977818d61f8a496bfafca28023b7aa2556231027bbd09cd20ff9abaef728cfb5

        SHA512

        842ed73aba67e7b79c2cc7c8f7e39c2fafa6dd5e0983388c8b30dd02e2af9a5bab466cb3b7e65b4d9c0151d93fd49858b00fcd18d0baf70a87ee5721d8b17bd3

      • memory/2924-29-0x0000000000400000-0x0000000000482000-memory.dmp

        Filesize

        520KB

      • memory/2924-1-0x0000000000400000-0x0000000000482000-memory.dmp

        Filesize

        520KB