Overview

overview

7

Static

static

3

0a2b01b67a...51.exe

windows7-x64

7

0a2b01b67a...51.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 01:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0a2b01b67a4a45da6bc934058c5e5751.exe

  • Size

    21KB

  • MD5

    0a2b01b67a4a45da6bc934058c5e5751

  • SHA1

    aa08cee0593a35a7225969863e15efea8e516f27

  • SHA256

    de75afcf7668eee9f206b620c4c85cc5f35a23fb707828eb9d2d82241783f24b

  • SHA512

    9e8f2a0dd2906525c7640f19110ed4d0b726a97a05a64d4e463362c3319eae0946ec4cfcef444d4b4b8f17b2c21847d99ea206369bdba4904b9c09ef298401e9

  • SSDEEP

    384:6VI3+EdgavvxVcxjusw/v3wnOzgcZXxmfnds8US/zkw91AEfHdb:66+a7vxGgswH3wiBXWsLozkUAEfHd

Score
7/10
adwarestealer

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 5 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 8 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0a2b01b67a4a45da6bc934058c5e5751.exe
    "C:\Users\Admin\AppData\Local\Temp\0a2b01b67a4a45da6bc934058c5e5751.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext
    • Modifies Internet Explorer settings
    • Suspicious use of WriteProcessMemory
    PID:2924
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32.exe /s C:\Windows\system32\g.dll
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:3032
    • C:\Windows\SysWOW64\explorer.exe
      explorer.exe
      2⤵
      • Deletes itself
      PID:2908

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\g.dll
    Filesize

    14KB

    MD5

    5d4645be5ca0c5f7551322de73fe14c3

    SHA1

    4c8f94944f77d9befcc7440ab124af1eb1f94593

    SHA256

    f381a2d43c722e53eb376e69e65624ef41c8ab89dd30359e97d50a706a11d0dc

    SHA512

    e0853a4d416552b3e03dd5406f71570571c04e41c69e75af558b8f2844655cd65f1034077f4994a27581d4d09784c3e7c7c7dc45b6b29ad92ed6a5baed02c1b5

    Download Submit

  • memory/3032-3-0x0000000010000000-0x0000000010009000-memory.dmp

    Filesize

    36KB

    Download