Analysis

  • max time kernel
    148s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/12/2023, 21:10

General

  • Target

    1c8a9be42051f12b13028c3f56a88e70.exe

  • Size

    659KB

  • MD5

    1c8a9be42051f12b13028c3f56a88e70

  • SHA1

    726a50bb26f4644ad3bbf0fd3d6777c0a18d9884

  • SHA256

    018695bc554cbaa5b72406785a96bd2e1af41d955c8bb02bb9d45d1fd14f3cee

  • SHA512

    cec0f025d9ba32c397cab8698c4de36217ca8c502300212383ef46a481a7565ccc26accb743e8dfd3b3e9c5f9d60198fd1ab7d9d3ed74ac2f1cf732cfef02762

  • SSDEEP

    12288:6uEHQptBbtpZsEeXD/bfJJpXKaahMAYpOE:x6QptNZsEAD1JpXKxhZC

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up the country code configured in the registry, likely a geofence check before the payload runs.

  • Loads dropped DLL (1 IoC)
  • Installs/modifies Browser Helper Object (2 TTPs, 2 IoCs)

    BHOs are DLL modules that act as plugins for Internet Explorer and are loaded into the browser process on start.

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class (5 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\1c8a9be42051f12b13028c3f56a88e70.exe
    "C:\Users\Admin\AppData\Local\Temp\1c8a9be42051f12b13028c3f56a88e70.exe"
    (depth 1)
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1580
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" -s "C:\Users\Admin\AppData\Roaming\Microsoft\McTaobao.dll"
      (depth 2, child of PID 1580)
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:1448

    Note that the command line names System32 while the image that actually ran is SysWOW64\regsvr32.exe: the sample is 32-bit (arch:x86 above), so WOW64 file system redirection substituted the 32-bit regsvr32, and the -s (silent) switch suppresses the registration dialog. The DLL being registered is the file dropped under %APPDATA%\Microsoft listed in Downloads below.
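The two behaviours this process tree shows, regsvr32 silently registering a DLL from a user-writable directory and the registry writes that turn that DLL into a BHO, are what a detection should key on. The following is an added example, not part of the report and not code from the sandbox vendor: a small triage routine run over constructed Sysmon-style events (process creation and registry value set) that mirror the tree above. The event shape, the CLSID placeholder and the benign control event are assumptions for the demonstration; the DLL path and PIDs are taken from the report.

```python
"""Triage of the behaviour in this report: regsvr32 silently registering a
DLL dropped under %APPDATA%, and the registry writes that make that DLL a
Browser Helper Object (BHO) loaded by Internet Explorer."""
import re
from collections import defaultdict

# Directories a legitimately installed COM server / BHO is expected to load from.
TRUSTED_DLL_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\windows\\syswow64\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)

# BHO registration key (a 32-bit regsvr32 writes the Wow6432Node view).
BHO_KEY_RE = re.compile(
    r"\\software\\(?:wow6432node\\)?microsoft\\windows\\currentversion\\explorer"
    r"\\browser helper objects\\\{[0-9a-f-]{36}\}",
    re.IGNORECASE,
)
# InprocServer32 default value of a CLSID: the path of the DLL that will be loaded.
INPROC_RE = re.compile(r"\\classes\\clsid\\\{[0-9a-f-]{36}\}\\inprocserver32", re.IGNORECASE)

# Constructed Sysmon-like events (EID 1 process creation, EID 13 registry value set)
# mirroring the report's process tree. The CLSID is a placeholder, not the sample's.
PLACEHOLDER_CLSID = "{00000000-0000-0000-0000-000000000001}"
SAMPLE_EVENTS = [
    {"event": "process_create", "pid": 1448, "parent_pid": 1580,
     "image": "C:\\Windows\\SysWOW64\\regsvr32.exe",
     "command_line": '"C:\\Windows\\System32\\regsvr32.exe" -s '
                     '"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\McTaobao.dll"'},
    {"event": "registry_set", "pid": 1448,
     "target": "HKLM\\SOFTWARE\\Classes\\CLSID\\" + PLACEHOLDER_CLSID + "\\InprocServer32\\(Default)",
     "details": "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\McTaobao.dll"},
    {"event": "registry_set", "pid": 1448,
     "target": "HKLM\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Explorer"
               "\\Browser Helper Objects\\" + PLACEHOLDER_CLSID,
     "details": ""},
    # Benign control (constructed): an installer registering a DLL from Program Files.
    {"event": "process_create", "pid": 2000, "parent_pid": 1999,
     "image": "C:\\Windows\\System32\\regsvr32.exe",
     "command_line": '"C:\\Windows\\System32\\regsvr32.exe" /s "C:\\Program Files\\Vendor\\helper.dll"'},
]


def split_cmdline(cmdline):
    """Windows-style split: quoted tokens may contain spaces; the quotes are stripped."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def regsvr32_findings(ev):
    """Flag regsvr32 registering a DLL from a directory a user can write to.
    Match on the image path, not argv[0]: WOW64 redirection turns the
    'System32' in the command line into SysWOW64 for a 32-bit caller."""
    if ev["event"] != "process_create" or not ev["image"].lower().endswith("\\regsvr32.exe"):
        return []
    args = split_cmdline(ev["command_line"])[1:]
    silent = any(a.lower() in ("-s", "/s") for a in args)
    out = []
    for dll in (a for a in args if a.lower().endswith(".dll")):
        if not dll.lower().startswith(TRUSTED_DLL_DIRS):
            out.append(("regsvr32_untrusted_dll", dll, silent))
    return out


def registry_findings(ev):
    """Flag a BHO registration, or a CLSID whose InprocServer32 points outside trusted dirs."""
    if ev["event"] != "registry_set":
        return []
    target = ev["target"]
    if BHO_KEY_RE.search(target):
        return [("bho_registered", target, None)]
    if INPROC_RE.search(target):
        path = ev.get("details", "").strip('"')
        if path and not path.lower().startswith(TRUSTED_DLL_DIRS):
            return [("inproc_untrusted_dll", path, None)]
    return []


def triage(events):
    """Group findings per PID; verdict when one process both loaded a DLL from an
    untrusted path and registered a BHO, as regsvr32.exe (PID 1448) does here."""
    per_pid = defaultdict(list)
    for ev in events:
        for f in regsvr32_findings(ev) + registry_findings(ev):
            per_pid[ev["pid"]].append(f)
    result = {}
    for pid, findings in per_pid.items():
        kinds = {f[0] for f in findings}
        if "bho_registered" in kinds and kinds & {"regsvr32_untrusted_dll", "inproc_untrusted_dll"}:
            verdict = "bho-install-from-user-dir"
        else:
            verdict = "suspicious"
        result[pid] = {"verdict": verdict, "findings": findings}
    return result


if __name__ == "__main__":
    for pid, r in triage(SAMPLE_EVENTS).items():
        print(pid, r["verdict"])
        for kind, detail, silent in r["findings"]:
            print("   ", kind, detail, "(silent)" if silent else "")
```

The untrusted-path check is the part worth keeping in production rules: a BHO whose InprocServer32 resolves into a user profile is anomalous regardless of which regsvr32 registered it, and checking the image rather than argv[0] avoids being fooled by the System32/SysWOW64 mismatch visible in the report.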

Network


Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\McTaobao.dll (the DLL registered by regsvr32.exe above)

  • Filesize

    66KB

  • MD5

    ca8333439e933625c0a47c74e831bce8

  • SHA1

    03713abcb8cf4d75c36a2cacadfba280fb7e84dd

  • SHA256

    0b86ddaefc58f80577c27a929f86c64ca2644a66699cbb45d4f30673f2eac381

  • SHA512

    c251bedaf0d0e1058ed8dbaef3e5fd11d80fad16972dca6e8fa52b8023075fa28ac84a14129e688cbbfa0fa41e9686829e9edc9c4602b0b6323f16153c299749