Overview

overview

7

Static

static

7

157665b8a0...e3.exe

windows7-x64

7

157665b8a0...e3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    103s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 10:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    157665b8a0cdd43987783b3478a4cbe3.exe

  • Size

    259KB

  • MD5

    157665b8a0cdd43987783b3478a4cbe3

  • SHA1

    47aa15bd5ee39f6f28107c5c097da825f0a0f7f4

  • SHA256

    1185e8a0a1170699b12cdb02fdaa08debd61958c7cc4dc89d1001d05e0a0ed1c

  • SHA512

    d036d8adb1a0e7f2fb2df65c7fdd7885e9ad335098383608fcafd4eac96963ade543113628511935e7bbddedaa165f7787d2c60735a9d89178db85cd4a6abb0c

  • SSDEEP

    6144:+G95BfOnPVfetbv8brONHVMmrYwi80BSZvm0Hq4DM:+G95NOnPVfepEbM1z7uBSZNq4DM

Score
7/10
adwareaspackv2stealer

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 1 IoCs
  • Modifies registry class 11 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\157665b8a0cdd43987783b3478a4cbe3.exe
    "C:\Users\Admin\AppData\Local\Temp\157665b8a0cdd43987783b3478a4cbe3.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2112
    • C:\Windows\SysWOW64\Regsvr32.exe
      Regsvr32 /s "C:\Windows\system32\Info.dll"
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:1248
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c .\UnInstall.bat
      2⤵
      • Deletes itself
      PID:1088

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\UnInstall.bat
    Filesize

    178B

    MD5

    d8c5bfe31aa4280a647508995b51c042

    SHA1

    f033977f0b46ecefad273e0f6b57de00f6aeaa1d

    SHA256

    154de7577a6a46bbfd08c55ae6bca3557c15239842be83087f03398095472f57

    SHA512

    a5e4a37436aefe99454ee2d0a0c1a0b3db0f7bb50675e989424b1bd382f3fe1485a6a6aa44f245111c0505f839eb7f27bf65df0e00278d2752fa1b811fc031bb

    Download Submit

  • \Windows\SysWOW64\Info.dll
    Filesize

    88KB

    MD5

    8af51e9ed739bf43e9c2d9870be5233f

    SHA1

    23b35a1b0c5e3c0439312fd501bf83a2277b337c

    SHA256

    f705bfb9013e373a513f94304e6b659141d52675bcc1d11e23bed7c48c87ecba

    SHA512

    07fd3f6f196a425411327cb91932da10b624b49beeabf31373d10bcca0a92531df0a245294d65fa883e228d1155b6a1b7ac2092b46e4e510103530724864460a

    Download Submit

  • memory/1248-11-0x0000000000170000-0x00000000001A9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/1248-13-0x0000000000170000-0x00000000001A9000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2112-0-0x0000000000400000-0x0000000000489000-memory.dmp

    Filesize

    548KB

    Download

  • memory/2112-3-0x0000000000400000-0x0000000000489000-memory.dmp

    Filesize

    548KB

    Download

  • memory/2112-1-0x0000000000400000-0x0000000000489000-memory.dmp

    Filesize

    548KB

    Download

  • memory/2112-2-0x0000000000400000-0x0000000000489000-memory.dmp

    Filesize

    548KB

    Download

  • memory/2112-4-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2112-6-0x0000000000400000-0x0000000000489000-memory.dmp

    Filesize

    548KB

    Download

  • memory/2112-10-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2112-21-0x0000000000400000-0x0000000000489000-memory.dmp

    Filesize

    548KB

    Download