Analysis

  • max time kernel
    38s
  • max time network
    32s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/12/2023, 21:35

General

  • Target

    04914fc0401a92c6337d20ab50b12cb6.dll

  • Size

    640KB

  • MD5

    04914fc0401a92c6337d20ab50b12cb6

  • SHA1

    61073d0fd3bbca3e155fc3183e252b11101ada89

  • SHA256

    93606cea3569bcf9652bbadf913345ec8f5667572e4472a5e63463400a3e1c14

  • SHA512

    b5f7d2d89ec98ebbd96b97cea42d7d283f071dfa15b11c087f585c28a932fea0f1cbe30ac61896c46f333e6a5608b262d625f9aae7240d4a30d0d79ff256c091

  • SSDEEP

    12288:+0Et9YDc5DMWfT44XUDxoyiD02sHL1Q3h+g2tePm:utWDc/EXouPL1Oh+gA+

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Modifies registry class 11 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe (depth 1)
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\04914fc0401a92c6337d20ab50b12cb6.dll
    PID:2612
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\regsvr32.exe (depth 2, child of PID 2612)
      /s C:\Users\Admin\AppData\Local\Temp\04914fc0401a92c6337d20ab50b12cb6.dll
      PID:2780
      • Installs/modifies Browser Helper Object
      • Modifies registry class

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2780-0-0x00000000009C0000-0x0000000000A65000-memory.dmp

    Filesize

    660KB