Overview

overview

6

Static

static

3

2ce1b929be...0c.dll

windows7-x64

6

2ce1b929be...0c.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    151s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 07:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2ce1b929becb5cea9ede785aed58a30c.dll

  • Size

    152KB

  • MD5

    2ce1b929becb5cea9ede785aed58a30c

  • SHA1

    f32d4cb17cae255c81c625119bf65365133b21e4

  • SHA256

    c57523f43987ba348d58cbef524b40c85bb11ce015729582cfc9f9f019fa4bea

  • SHA512

    256b65215c59f52d39146fac71c01fb77dcadd8d3d75cb112498eebee7a22ea7349cb7574a373e08a29d4c59ba3e361b1a2e6383f1ee1ad9912bc9f7146fb247

  • SSDEEP

    3072:tFLqHObxiqWPLmCFJu5hNl0l+ciqrr9P9rv4cPHnMTG5:tFLq+xijDmeu5hP0l5iUJPFPHnd5

Score
6/10
adwarestealer

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2ce1b929becb5cea9ede785aed58a30c.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4376
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\2ce1b929becb5cea9ede785aed58a30c.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:4768

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4768-0-0x00000000005E0000-0x0000000000609000-memory.dmp

    Filesize

    164KB

    Download

  • memory/4768-1-0x0000000010000000-0x0000000010025000-memory.dmp

    Filesize

    148KB

    Download

  • memory/4768-3-0x0000000010000000-0x0000000010025000-memory.dmp

    Filesize

    148KB

    Download

  • memory/4768-2-0x00000000005E0000-0x0000000000609000-memory.dmp

    Filesize

    164KB

    Download