Overview

overview

7

Static

static

7

157665b8a0...e3.exe

windows7-x64

7

157665b8a0...e3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-12-2023 10:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    157665b8a0cdd43987783b3478a4cbe3.exe

  • Size

    259KB

  • MD5

    157665b8a0cdd43987783b3478a4cbe3

  • SHA1

    47aa15bd5ee39f6f28107c5c097da825f0a0f7f4

  • SHA256

    1185e8a0a1170699b12cdb02fdaa08debd61958c7cc4dc89d1001d05e0a0ed1c

  • SHA512

    d036d8adb1a0e7f2fb2df65c7fdd7885e9ad335098383608fcafd4eac96963ade543113628511935e7bbddedaa165f7787d2c60735a9d89178db85cd4a6abb0c

  • SSDEEP

    6144:+G95BfOnPVfetbv8brONHVMmrYwi80BSZvm0Hq4DM:+G95NOnPVfepEbM1z7uBSZNq4DM

Score
7/10
adwareaspackv2stealer

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Loads dropped DLL 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 1 IoCs
  • Modifies registry class 11 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\157665b8a0cdd43987783b3478a4cbe3.exe
    "C:\Users\Admin\AppData\Local\Temp\157665b8a0cdd43987783b3478a4cbe3.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1616
    • C:\Windows\SysWOW64\Regsvr32.exe
      Regsvr32 /s "C:\Windows\system32\Info.dll"
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:1076
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c .\UnInstall.bat
      2⤵
        PID:3624

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\UnInstall.bat
      Filesize

      178B

      MD5

      d8c5bfe31aa4280a647508995b51c042

      SHA1

      f033977f0b46ecefad273e0f6b57de00f6aeaa1d

      SHA256

      154de7577a6a46bbfd08c55ae6bca3557c15239842be83087f03398095472f57

      SHA512

      a5e4a37436aefe99454ee2d0a0c1a0b3db0f7bb50675e989424b1bd382f3fe1485a6a6aa44f245111c0505f839eb7f27bf65df0e00278d2752fa1b811fc031bb

      Download Submit

    • C:\Windows\SysWOW64\Info.dll
      Filesize

      88KB

      MD5

      8af51e9ed739bf43e9c2d9870be5233f

      SHA1

      23b35a1b0c5e3c0439312fd501bf83a2277b337c

      SHA256

      f705bfb9013e373a513f94304e6b659141d52675bcc1d11e23bed7c48c87ecba

      SHA512

      07fd3f6f196a425411327cb91932da10b624b49beeabf31373d10bcca0a92531df0a245294d65fa883e228d1155b6a1b7ac2092b46e4e510103530724864460a

      Download Submit

    • memory/1076-8-0x0000000000400000-0x0000000000439000-memory.dmp

      Filesize

      228KB

      Download

    • memory/1076-9-0x0000000000400000-0x0000000000439000-memory.dmp

      Filesize

      228KB

      Download

    • memory/1076-10-0x0000000000400000-0x0000000000439000-memory.dmp

      Filesize

      228KB

      Download

    • memory/1616-0-0x0000000000400000-0x0000000000489000-memory.dmp

      Filesize

      548KB

      Download

    • memory/1616-1-0x0000000000400000-0x0000000000489000-memory.dmp

      Filesize

      548KB

      Download

    • memory/1616-2-0x0000000000400000-0x0000000000489000-memory.dmp

      Filesize

      548KB

      Download

    • memory/1616-3-0x0000000000400000-0x0000000000489000-memory.dmp

      Filesize

      548KB

      Download

    • memory/1616-5-0x0000000000960000-0x0000000000961000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1616-13-0x0000000000400000-0x0000000000489000-memory.dmp

      Filesize

      548KB

      Download