Overview

overview

6

Static

static

3

2b91a2b40c...2f.dll

windows7-x64

6

2b91a2b40c...2f.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    143s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2023 06:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2b91a2b40c46ed270fc0d133a978e72f.dll

  • Size

    228KB

  • MD5

    2b91a2b40c46ed270fc0d133a978e72f

  • SHA1

    e7f3fa0d487d6854100f29a5c61016a4487ccbcc

  • SHA256

    d47a5a71ef7b6d75a6fb8ee4007999d89faa1696d4366d7843961bafa90102b8

  • SHA512

    24030724fb93e7a27fa66fdc78294c66e21bf3d17b77fe68fb1052a07ebf6fdf117f723e7bf34c439ef83f28937a86773ddcdf7d40e48b4b40bb4596f0c1f2c6

  • SSDEEP

    3072:U/DYpIzYNTaF+crdjI5956au9BWq0a4gPa8dYcrE7KGLMqAEEtTJ/TvUao8DG3Ji:U/DYpIV+YIi/0arhfGAEEU1bQ

Score
6/10
adwarediscoverystealer

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2b91a2b40c46ed270fc0d133a978e72f.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:788
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\2b91a2b40c46ed270fc0d133a978e72f.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:4824
      • C:\Windows\SysWOW64\mshta.exe
        mshta res://C:\Users\Admin\AppData\Local\Temp\2B91A2~1.DLL/103
        3⤵
          PID:4408

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4408-1-0x00000000040D0000-0x000000000410A000-memory.dmp

      Filesize

      232KB

      Download