Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    30/12/2023, 00:20

General

  • Target

    08566c41ce83ef336fa2968740afec98.dll

  • Size

    342KB

  • MD5

    08566c41ce83ef336fa2968740afec98

  • SHA1

    8f7c329bb7cd00b7a281e3c4a5e3bd1efa5de086

  • SHA256

    302510683a6e5dadf71ce034a5a4e986e2b50926e0d0731ba3d50ea4750c995b

  • SHA512

    48c943acb78008712ee531d67d7ed23af9b5d367578147913072096b59d371b740bbf1284c14d1ec7476cd2ed9387e04e46472d83d5ec923a94fb4c5f089998b

  • SSDEEP

    6144:fn5prqhR7NNh4y0mz7wpbb1IvAynlUoZTBnw4cqFxs:v7qn7Nbz0awpbb12lUoZT1w4zm

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object (2 TTPs, 2 IoCs)

    BHOs are DLL modules that Internet Explorer loads into every browser process as plugins. Registering one gives the DLL persistence across browser launches and code execution inside the user's browsing session.

  • Modifies registry class (5 IoCs)
  • Suspicious use of WriteProcessMemory (7 IoCs)
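The two signatures above mean the sample registered itself as a BHO by writing CLSID and "Browser Helper Objects" registry keys. The following PowerShell is an added triage check, not part of the sandbox report: run on a Windows host, it enumerates both the 64-bit and Wow6432Node BHO lists, resolves each CLSID to its InprocServer32 DLL, hashes the DLL and compares it with the SHA256 from this report. Only the SHA256 is taken from the page; the registry paths are standard Windows locations, and the HKCU Classes lookup is included because an unelevated regsvr32 registers there instead of HKLM.

```powershell
# Added example (not from the report): find BHO registrations and hash the DLL they point to.
# The only value taken from the report is the SHA256 below; everything else is standard registry layout.
$ReportSha256 = '302510683a6e5dadf71ce034a5a4e986e2b50926e0d0731ba3d50ea4750c995b'

# IE reads the BHO list from HKLM; a 32-bit BHO registered via SysWOW64\regsvr32 lands under Wow6432Node.
$BhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

function Resolve-BhoServer {
    # Map a CLSID to the DLL path stored in its InprocServer32 default value.
    param([Parameter(Mandatory)][string]$Clsid)
    $roots = @(
        'HKLM:\SOFTWARE\Classes\CLSID',
        'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID',
        'HKCU:\SOFTWARE\Classes\CLSID'   # unelevated regsvr32 registers per-user
    )
    foreach ($root in $roots) {
        $srv = Join-Path (Join-Path $root $Clsid) 'InprocServer32'
        if (Test-Path -Path $srv) {
            $path = (Get-ItemProperty -Path $srv -ErrorAction SilentlyContinue).'(default)'
            if ($path) { return [Environment]::ExpandEnvironmentVariables($path.Trim('"')) }
        }
    }
    return $null
}

function Get-BhoInventory {
    foreach ($key in $BhoKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        foreach ($sub in Get-ChildItem -Path $key) {
            $clsid = $sub.PSChildName
            $dll   = Resolve-BhoServer -Clsid $clsid
            $hash  = $null
            if ($dll -and (Test-Path -LiteralPath $dll)) {
                $hash = (Get-FileHash -Algorithm SHA256 -LiteralPath $dll).Hash.ToLower()
            }
            [pscustomobject]@{
                Clsid        = $clsid
                View         = if ($key -like '*Wow6432Node*') { 'x86' } else { 'x64' }
                Dll          = $dll
                Sha256       = $hash
                MatchesReport = ($hash -eq $ReportSha256)
                # A BHO served from a user temp directory is suspicious regardless of hash.
                LoadsFromTemp = [bool]($dll -and $dll -like '*\AppData\Local\Temp\*')
            }
        }
    }
}

Get-BhoInventory | Format-Table -AutoSize
```

Run it elevated so both HKLM views are readable. A row with MatchesReport set, or any row whose DLL resolves into AppData\Local\Temp as in this sample's command line, is what you are looking for; a missing DLL path with a live BHO entry is also worth noting, since it means the registration outlived the file.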

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\08566c41ce83ef336fa2968740afec98.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1664
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\08566c41ce83ef336fa2968740afec98.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:2224
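The tree shows the 64-bit regsvr32 (PID 1664) spawning its SysWOW64 counterpart (PID 2224), which is what regsvr32 does when handed a 32-bit DLL (consistent with the arch:x86 resource tag); the WriteProcessMemory hit on the parent is consistent with that child creation and should be confirmed before it is read as injection into some other process. The following PowerShell is an added example, not part of the report: it scores process-creation records for the pattern shown here (silent /s registration, DLL loaded from a user temp directory, x64 regsvr32 relaunching x86 regsvr32). The records are constructed to mirror the two processes above plus one benign control; the field names follow Sysmon Event ID 1 as an assumption about the log source, and the parent of PID 1664 is not given on the page, so the explorer.exe parent here is invented for the sample.

```powershell
# Added example (not from the report): detection logic for the regsvr32 pattern in the process tree.
# Records are constructed; field names assume a Sysmon Event ID 1 style source.
$Records = @(
    [pscustomobject]@{
        ProcessId   = 1664
        Image       = 'C:\Windows\system32\regsvr32.exe'
        CommandLine = 'regsvr32 /s C:\Users\Admin\AppData\Local\Temp\08566c41ce83ef336fa2968740afec98.dll'
        ParentImage = 'C:\Windows\explorer.exe'   # constructed; the report does not show this parent
    },
    [pscustomobject]@{
        ProcessId   = 2224
        Image       = 'C:\Windows\SysWOW64\regsvr32.exe'
        CommandLine = '/s C:\Users\Admin\AppData\Local\Temp\08566c41ce83ef336fa2968740afec98.dll'
        ParentImage = 'C:\Windows\system32\regsvr32.exe'
    },
    # Benign control: installer registering a vendor DLL from Program Files.
    [pscustomobject]@{
        ProcessId   = 3010
        Image       = 'C:\Windows\system32\regsvr32.exe'
        CommandLine = 'regsvr32 /s "C:\Program Files\Vendor\vendor.dll"'
        ParentImage = 'C:\Windows\system32\msiexec.exe'
    }
)

function Test-RegsvrLoad {
    # Return a finding for regsvr32 launches that show at least two of the indicators below.
    param([Parameter(Mandatory)][psobject]$Record)
    if ($Record.Image -notmatch '\\regsvr32\.exe$') { return $null }

    $reasons = New-Object 'System.Collections.Generic.List[string]'

    # /s suppresses the DllRegisterServer result dialog, so the user sees nothing.
    if ($Record.CommandLine -match '(^|\s)/s(\s|$)') { $reasons.Add('silent registration (/s)') }

    # DLL taken from a user-writable temp directory rather than an install location.
    if ($Record.CommandLine -match '\\AppData\\Local\\Temp\\[^"\s]+\.dll') { $reasons.Add('DLL loaded from %TEMP%') }

    # 64-bit regsvr32 relaunching the 32-bit one: the DLL is x86.
    if ($Record.ParentImage -match '\\regsvr32\.exe$' -and $Record.Image -match '\\SysWOW64\\') {
        $reasons.Add('x64 regsvr32 relaunched x86 regsvr32')
    }

    # A lone /s is normal for installers; require a second indicator before raising.
    if ($reasons.Count -ge 2) {
        [pscustomobject]@{ ProcessId = $Record.ProcessId; Image = $Record.Image; Reasons = ($reasons -join '; ') }
    }
}

$Records | ForEach-Object { Test-RegsvrLoad -Record $_ } | Format-Table -AutoSize
```

With these records PIDs 1664 and 2224 are flagged and the Program Files control is not, because a silent registration on its own is routine for installers; the temp-directory path and the x64-to-x86 relaunch are what make this chain worth a look.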

Network

MITRE ATT&CK Enterprise v15
