Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
  • submitted
    02/01/2024, 16:31

General

  • Target

    3e784abaf46a3d30b7fee8a22ba7aac0.dll

  • Size

    611KB

  • MD5

    3e784abaf46a3d30b7fee8a22ba7aac0

  • SHA1

    98c54c3a7bde81579446d612b50d5b7974d71f39

  • SHA256

    77e7485a7417846f81a5cd7783ec7b462fc425c85f5f6c337da1d88ba3c40358

  • SHA512

    a025062d96fca9ebc33d30c6b5313ce10c61e26a71c87ba0b55dc5c5c15c425720a6186b8d489997d21ecf4c5ab97faa70f0d1a9808b420cde06642803942d10

  • SSDEEP

    12288:zyA1ZdqVfv/6HftOIA3+00wstpSdCi3TLdLOG4Y1zLVBwjHeIBv7pj:31fqZCHwIr00taCiHp1JLIeIBT

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are in-process COM DLLs that Internet Explorer loads at startup, so they act as browser plugins. They are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects (Wow6432Node for a 32-bit DLL on x64, which is the case here), and that key is a long-standing persistence and browser-hijack location.

  • Modifies registry class 11 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe (PID 2784)
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3e784abaf46a3d30b7fee8a22ba7aac0.dll
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\regsvr32.exe (PID 2924, child of 2784)
      /s C:\Users\Admin\AppData\Local\Temp\3e784abaf46a3d30b7fee8a22ba7aac0.dll
      • Installs/modifies Browser Helper Object
      • Modifies registry class
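The process tree above is a textbook shape for a BHO dropper: 64-bit regsvr32 is invoked silently (/s) on a DLL in %TEMP%, finds the DLL is 32-bit and hands it to its SysWOW64 twin, which then writes the BHO registration. The following detection logic, written here as an added example and not part of the sandbox report, runs three rules over Sysmon-style events (process creation, registry value set, image load) modelled on that tree. The events, the BHO CLSID and the unrelated installer event are constructed; the SHA256 is the one from the General section.

```python
import re

# Constructed Sysmon-style events modelled on the report's process tree: a
# 64-bit regsvr32 /s on a DLL in %TEMP%, the WoW64 regsvr32 child it spawns for
# the 32-bit DLL, that child writing a BHO registration, and an image-load event
# carrying the sample's SHA256. The BHO CLSID and the unrelated installer event
# are hypothetical; none of this is telemetry from the sandbox run.
SAMPLE_DLL = r"C:\Users\Admin\AppData\Local\Temp\3e784abaf46a3d30b7fee8a22ba7aac0.dll"
EVENTS = [
    {"id": 1, "pid": 2784, "ppid": 1200,
     "image": r"C:\Windows\system32\regsvr32.exe",
     "cmdline": "regsvr32 /s " + SAMPLE_DLL},
    {"id": 1, "pid": 2924, "ppid": 2784,
     "image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "cmdline": "/s " + SAMPLE_DLL},
    {"id": 13, "pid": 2924, "image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "target": r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer"
               r"\Browser Helper Objects\{00000000-0000-0000-0000-000000000000}\NoExplorer",
     "details": "DWORD (0x00000001)"},
    {"id": 13, "pid": 4040, "image": r"C:\Program Files\Vendor\setup.exe",
     "target": r"HKLM\SOFTWARE\Vendor\Settings\Installed", "details": "DWORD (0x00000001)"},
    {"id": 7, "pid": 2924, "image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "image_loaded": SAMPLE_DLL,
     "hashes": "SHA256=77e7485a7417846f81a5cd7783ec7b462fc425c85f5f6c337da1d88ba3c40358"},
]

# Hash taken from the report's General section.
IOC_SHA256 = {"77e7485a7417846f81a5cd7783ec7b462fc425c85f5f6c337da1d88ba3c40358"}

# Matches a BHO CLSID key in either the native or the Wow6432Node view.
BHO_KEY_RE = re.compile(r"\\Explorer\\Browser Helper Objects\\\{[0-9A-Fa-f-]{36}\}", re.I)
USER_WRITABLE_RE = re.compile(r"\\(AppData\\Local\\Temp|Downloads|Public)\\", re.I)
DLL_ARG_RE = re.compile(r"(?P<path>[A-Za-z]:\\[^\s\"]+\.dll)", re.I)


def regsvr32_dll_arg(cmdline):
    """Return the DLL path regsvr32 was asked to register, or None."""
    m = DLL_ARG_RE.search(cmdline)
    return m.group("path") if m else None


def parse_hashes(field):
    """Split a Sysmon 'ALG=hex,ALG=hex' hash field into a dict."""
    return dict(part.split("=", 1) for part in field.split(",") if "=" in part)


def detect(events):
    """Run the rules over the events; return (rule, pid, detail) tuples in event order."""
    findings = []
    process_by_pid = {e["pid"]: e for e in events if e["id"] == 1}
    for e in events:
        if e["id"] == 1 and e["image"].lower().endswith("\\regsvr32.exe"):
            dll = regsvr32_dll_arg(e["cmdline"])
            silent = "/s" in e["cmdline"].lower().split()
            # Rule 1: silent registration of a DLL sitting in a user-writable location.
            if dll and silent and USER_WRITABLE_RE.search(dll):
                findings.append(("regsvr32_silent_temp_dll", e["pid"], dll))
            # Rule 2: system32\regsvr32.exe spawning SysWOW64\regsvr32.exe, the
            # WoW64 hand-off that produces the two-stage chain in the report.
            parent = process_by_pid.get(e.get("ppid"))
            if (parent and parent["image"].lower().endswith("\\system32\\regsvr32.exe")
                    and "\\syswow64\\" in e["image"].lower()):
                findings.append(("regsvr32_wow64_chain", e["pid"], dll))
        elif e["id"] == 13 and BHO_KEY_RE.search(e["target"]):
            # Rule 3: any value written under a BHO CLSID key, whichever hive view.
            findings.append(("bho_registered", e["pid"], e["target"]))
        elif e["id"] == 7:
            # Rule 4: a loaded image whose SHA256 is a known IOC.
            sha256 = parse_hashes(e["hashes"]).get("SHA256", "").lower()
            if sha256 in IOC_SHA256:
                findings.append(("known_bad_dll_loaded", e["pid"], e["image_loaded"]))
    return findings


if __name__ == "__main__":
    for rule, pid, detail in detect(EVENTS):
        print(f"{rule:26} pid={pid} {detail}")
```

Rule 3 is the one to keep in production even without the hash: the registry write under the BHO key is what gives the sample persistence, and it fires regardless of which regsvr32 (or any other process) performs it. Rule 1 on its own is noisy on hosts where installers legitimately run regsvr32 from %TEMP%, so it is best used to enrich the chain rather than alert alone.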

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2924-0-0x00000000006C0000-0x000000000075E000-memory.dmp
    Filesize
    632KB