Analysis

  • max time kernel
    122s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-12-2023 09:01

General

  • Target

    13fbf0d0dc33ff6c5328ae2d7caa8900.dll

  • Size

    382KB

  • MD5

    13fbf0d0dc33ff6c5328ae2d7caa8900

  • SHA1

    8cb830fd1d114c96894983ae2329dfee0a2ff5a6

  • SHA256

    59f1b546977250858c17a8cc7baa400fcd2d5c65b32a227f35791f0eb2009c96

  • SHA512

    89777988de69b8f9742b64e6873dedaf830bc4586213ab42635d9f38aeb17a3881d3789829b20a5745e452fa2312248992976e1253fde75be1eabad86cfbd551

  • SSDEEP

    6144:D6N+BnrDcGgpPydGHDf4EnzNkRiIYZ4irhKODT6ZYH45an9DNGdnmLq1Se:DxBvcRPyaEiIYT0hZB5aedmLVe

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are in-process COM DLLs that Internet Explorer loads into every browser process at startup. They are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects (under Wow6432Node for 32-bit modules on 64-bit Windows), so a BHO registration is both a persistence mechanism and a foothold inside the browser with visibility into navigation and page content.

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs
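
The two persistence signatures above (Run key plus Browser Helper Object) are what a responder would want to verify on a suspect host. The following hunting script is an added example, not part of the sandbox report: it enumerates BHO registrations in both the native and Wow6432Node registry views, resolves each CLSID to its InprocServer32 DLL, lists Run-key values, and flags anything that resolves into a user-writable directory, which is where the DLL in this report was registered from. The `$suspiciousRoots` patterns and the `Get-IePersistence` function name are assumptions of the example; the report does not name the exact keys the sample wrote.

```powershell
# Added hunting script (not from the sandbox report). Requires PowerShell 3+ on Windows;
# run elevated to read HKLM fully. The suspicious-path list is an assumption; tune it.

$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# Regexes for locations a properly installed BHO or autostart should not live in.
$suspiciousRoots = @('\\AppData\\', '\\Temp\\', '\\ProgramData\\', '\\Users\\Public\\')

function Test-SuspiciousPath {
    param([string]$Path)
    if (-not $Path) { return $false }          # unresolved CLSID: reported separately below
    foreach ($re in $suspiciousRoots) { if ($Path -match $re) { return $true } }
    return $false
}

function Resolve-ClsidServer {
    # Look up the DLL behind a CLSID in the native, WOW64 and per-user class views.
    param([string]$Clsid)
    $classRoots = @(
        'HKLM:\SOFTWARE\Classes\CLSID',
        'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID',
        'HKCU:\SOFTWARE\Classes\CLSID'
    )
    foreach ($root in $classRoots) {
        $server = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path $server) { return (Get-ItemProperty -Path $server).'(default)' }
    }
    return $null
}

function Get-IePersistence {
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem -Path $key) {
            $dll = Resolve-ClsidServer -Clsid $sub.PSChildName
            [pscustomobject]@{
                Type       = 'BHO'
                Location   = $sub.Name
                Target     = $dll
                Suspicious = (Test-SuspiciousPath $dll)
            }
        }
    }
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # provider metadata, not a Run value
            [pscustomobject]@{
                Type       = 'Run'
                Location   = "$key\$($prop.Name)"
                Target     = [string]$prop.Value
                Suspicious = (Test-SuspiciousPath ([string]$prop.Value))
            }
        }
    }
}

# Suspicious entries first. A BHO whose Target is empty (CLSID with no InprocServer32)
# is also worth a look: the DLL may have been deleted or the key may be hiding elsewhere.
Get-IePersistence | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Because the sample here is a 32-bit DLL registered by the SysWOW64 regsvr32 on 64-bit Windows, registry redirection puts its BHO and CLSID entries under the Wow6432Node paths; a script that only reads the native view will miss it.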

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\13fbf0d0dc33ff6c5328ae2d7caa8900.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2008
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\13fbf0d0dc33ff6c5328ae2d7caa8900.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:2136
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2676
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2676 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2800
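
The process chain above is a recognisable pattern: the 64-bit regsvr32 is handed a 32-bit DLL from %TEMP%, so it relaunches the SysWOW64 regsvr32 with the same silent (/s) arguments, and that child does the registry work. The following detection logic is an added example, not part of the sandbox report; it runs over constructed process-creation records (fields named after Sysmon Event ID 1, with the two regsvr32 lines taken from this report and a benign installer record added for contrast) and flags regsvr32 executions that combine two or more weak indicators. The scoring threshold and the `Test-SuspiciousRegsvr32` name are assumptions of the example.

```powershell
# Added detection example (not from the sandbox report). Sample records are constructed;
# the first two mirror the process tree above, the third is a plausible benign install.
$events = @(
    [pscustomobject]@{ Pid = 2008; ParentImage = 'C:\Windows\explorer.exe'
        Image = 'C:\Windows\system32\regsvr32.exe'
        CommandLine = 'regsvr32 /s C:\Users\Admin\AppData\Local\Temp\13fbf0d0dc33ff6c5328ae2d7caa8900.dll' },
    [pscustomobject]@{ Pid = 2136; ParentImage = 'C:\Windows\system32\regsvr32.exe'
        Image = 'C:\Windows\SysWOW64\regsvr32.exe'
        CommandLine = '/s C:\Users\Admin\AppData\Local\Temp\13fbf0d0dc33ff6c5328ae2d7caa8900.dll' },
    [pscustomobject]@{ Pid = 4100; ParentImage = 'C:\Windows\System32\msiexec.exe'
        Image = 'C:\Windows\system32\regsvr32.exe'
        CommandLine = 'regsvr32 /s "C:\Program Files\Vendor\plugin.dll"' }
)

function Test-SuspiciousRegsvr32 {
    # Emits a finding for each regsvr32 record that trips at least two indicators.
    param([Parameter(ValueFromPipeline = $true)] $Event)
    process {
        if ($Event.Image -notmatch '\\regsvr32\.exe$') { return }
        $reasons = New-Object System.Collections.Generic.List[string]
        if ($Event.CommandLine -match '\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\') {
            $reasons.Add('DLL registered from a user-writable path')
        }
        if ($Event.CommandLine -match '(^|\s)/s(\s|$)') {
            $reasons.Add('silent registration (/s)')
        }
        if ($Event.ParentImage -match '\\regsvr32\.exe$') {
            $reasons.Add('regsvr32 spawned by regsvr32 (64-bit to WOW64 handoff for a 32-bit DLL)')
        }
        if ($reasons.Count -ge 2) {
            [pscustomobject]@{
                Pid         = $Event.Pid
                Image       = $Event.Image
                CommandLine = $Event.CommandLine
                Reasons     = ($reasons -join '; ')
            }
        }
    }
}

# PIDs 2008 and 2136 are reported; the msiexec-driven registration has only the /s indicator and is not.
$events | Test-SuspiciousRegsvr32 | Format-List
```

Legitimate installers call regsvr32 /s constantly, so the silent flag on its own is noise; the value is in the combination with a DLL path under a user-writable directory and with the regsvr32-to-regsvr32 parent relationship, which together match the tree recorded here.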

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fc02c65150947128689071e901b456ca

    SHA1

    f5eaa97a983be26d7bfdeb978756c07ca0b61784

    SHA256

    4c5d692c08e993eaaaa7c8df687d37060493ef77ca86889a13a98c0896db547f

    SHA512

    17169454a8718e90d6405b77c76ce123f5a8f0f55c407a40a339ae35e6038fbaaa046c6446012a757f9b1aa7444f9c9c8785d9ffe820aa789b7a8f47c9fea087

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    14cb24ce4b122c6db3fd0188c076c588

    SHA1

    10f7fe0f29c8524d8ddf43b2fbc25f4121272739

    SHA256

    b34377bcccc512a22dddc35ada9a6b8a5cf231088b2e34471ee73b3d41e8f81c

    SHA512

    e830da8d5ac13830fc50847bc1ba9f13a08a757bc40eb42de5f673bbab82412e5409a3cf65bddea8079b3893878a35e9804f368a153946db91f553a49e0d287b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ccda77f9a558b7d9f107a210750410a2

    SHA1

    76a1525f8f5b2c9e44beb80c7fde1fed832d2d27

    SHA256

    acc6cf341c2f975d14f1a070666f9f7d2b57505c6c7056c8847953dfb01db187

    SHA512

    b00a448ac996193d176bc582535ad5d1a9021e1effdd6ec35cf6e4b5f65147b5b2e80a8eb455729a03f090ee2a3fb66993ccbcb8b8f7e3b450b6b75047e7b464

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    77f8d93a32717a95a993d99731805033

    SHA1

    c2da458907193b20e225994f45b100bd7dc89e3e

    SHA256

    23eb9d8b7f5f9fc0a3793130e59921353c7d80e15bd34d1fa336dee73888c7c6

    SHA512

    0e6b1220ff80281b998daa23d71ff8d57869c844d8fa3e008dbb85df1a7ebb6cc5f7a12b1088a93d9d7c1b46c062b65562f1e4c7800670dacb533d7ba8551777

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    beb26c430abaa12eeaecdf5e06e46f75

    SHA1

    c357df41403f4c2eec47a8fbbe9c284223db5e11

    SHA256

    0dfa1a81561ba292aa864ace5d02be338e97a2623a8ab5fb7b92142642bed404

    SHA512

    2c67be44c19df1cba681d9270515e66beb08e032a3bd77e732a311b38844a4f36fe9f053816f2189a8e7eb6821230dc7c9ae60e81496022a297e5d71f01bfb95

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cff3f93125409ba1423ce683a88d1bfc

    SHA1

    2e67f95baeadc5bc699ac526558131102f0d2683

    SHA256

    fb5a4bc2c12f9bf8beab1b6b8b1a19a47c469650090754398564a8d02360e2ba

    SHA512

    9b3bdc76ebc9cee03b0fca808e9baf62497046fbab010b811b941896afe0fce4e383e78bc9cb7d0c270507976cd76ea8974ef55d1fd11f09a763694a936ffcad

  • C:\Users\Admin\AppData\Local\Temp\CabB454.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\TarB532.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

  • memory/2136-0-0x00000000001F0000-0x00000000001F2000-memory.dmp

    Filesize

    8KB