Overview

overview

6

Static

static

3

0cf132a294...a7.dll

windows7-x64

6

0cf132a294...a7.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    138s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 03:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0cf132a29410b5ee656a610f920b4ba7.dll

  • Size

    174KB

  • MD5

    0cf132a29410b5ee656a610f920b4ba7

  • SHA1

    76539c39e62d18e5ee7cc2fe20b59faf325a1b28

  • SHA256

    e2df0cea039d91bfbcc0109359eef2db55c27ff8e04a9fe963c112db0e597d9e

  • SHA512

    aeb46f8733031e67106203b68d400899477b31499087e8eda1cae97edaedf456b78711e2e7c28f51f13f29409ef3cc0478f4a0465a5b332a5093783271a0f83f

  • SSDEEP

    3072:irRO6VMKUpkW1cmBA9Ezc7rXktZCT2ErXY0TySak5GtCt:OKVRckA9XrEUjYOaPtCt

Score
6/10
adwarepersistencestealer

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0cf132a29410b5ee656a610f920b4ba7.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2652
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\0cf132a29410b5ee656a610f920b4ba7.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:2404
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1292
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1292 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2788

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1b2f1e3008775a4d9d3b6b22599c820a

    SHA1

    c725bfb6a2fd9881045d0a62b5122ba082a66b9b

    SHA256

    89ff19a7315a593eee873ea298ef8cf73cdd0048efb0e3e263d08fc622f734ef

    SHA512

    e9a71cf339ef22c055bce5df26107cfdc06b3dc8ac56676ed62eed9637e9c915c80f9e6ee649942084cd7c5249220df4cf6f891b425e5c62a12a966e2163ce02

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b79bf8368a932ee78516c4c11e2d34c6

    SHA1

    936d6c9ad9403d34f06ee004acda013116b8e4a5

    SHA256

    f26359aa4820c68153c304241d8b597b83cc75629c128ebc2a3ad37769ac5ebd

    SHA512

    d6a9ef4b50683f3c8496d99856420a16f1632f748ea19fb33d5d7ff6dea0055dd22c66725b2f9c8948b3c0b255ed9e7ae20f8a5b973d9d0ce166b1196a61ad92

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f62d7b43d56497dc3af1a3b9e01de634

    SHA1

    5d7d23550f92eede6c7c3994af02535650697334

    SHA256

    38e4c1385e11b819b17b9c6ee095e1a324be58694d4149e01948fc4d97b22da8

    SHA512

    27026fd0140e29e83368e3f31f7fbc7e6daf7eb7964b183378585a04a8bca9f0eb07b5308666728add9b9a609d304279a8e5112770f0a6c37fff1d5e81dff1b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e00fea77ffe49df61e317c8dd341e7d0

    SHA1

    64e9461eb5e6c654f89299a701be4ee48b82de06

    SHA256

    326e1857a52051e3e32c8fd08db238976ccf7a01d4dcebf7c02f03577f88d044

    SHA512

    1fb81ce8d474ffc7d58e58d3b225c2e466ec6b8ae76af1d2cb2cecacd11c95c72c6bb999a9d200419fcba3efa57971987f0af0a739cf3fa0f2b290836a3f195d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9a49dd413f138a40d8fddb76991f1c08

    SHA1

    8652897982f9c52bbb4293ac14089e1016522112

    SHA256

    4d744b7d919859d8551dbdbd626db79a0a34fd999866fb2bbe4bedfdc1a30c73

    SHA512

    cbd28d250f10b5f511171325e0a850e634b642193f53270c48a460cc48b019332f32c2908c42d0e4c98b88a9eaf48215dcd624cbb9c597afffa0b091d3b52463

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c5e346d546a6cb3a0e1644135616af9f

    SHA1

    aabc7750b1aaed8fadfc83eedb754d2de4647c46

    SHA256

    291f55d7b02c486a559253f308c80852f11de52f46e77737598ac32debb0c0ad

    SHA512

    47b793de75f3b8af87389315091aa5f89a896bf15640e8114fa00fbbdaf9e6bee179035ba97f65e1323e8ce2666e526c621dae2360658aaf8dd0ef5b871a809d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d9aca69aec13c12b7ce4266ccee2900e

    SHA1

    4a155f14fb86318a32fe9373c8cc069effd03154

    SHA256

    3cfdf9a13959b4f835230557c966bfcecc8ddef331cba6b8aab107833c843855

    SHA512

    39ef431f2703b450980d3f76608fd069e1b9f7c1b9dc776c765d15865b526e4d06920190044dcdf2bb6518c33dd567094c99e94ac2971d38e289f3266f1eda08

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    364d8e9f22a0aedb0d19c9c1cde68743

    SHA1

    5da123d942ec99f8c8405b62b29cd4bac3871de2

    SHA256

    ace9284420ea61031abf3a9756ba7652f726af8e5b4b7b3ac3c1b51bb1a39272

    SHA512

    6ff89219d528dfb77b61b229d9572093e79c6fa04f87a1901b7c3948b82dfa722d64987389fc122d175e8973868a61f7082d29741fde4c5a92ae96d758e70beb

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab930D.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar97FF.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2404-0-0x0000000000260000-0x0000000000262000-memory.dmp

    Filesize

    8KB

    Download