Overview

overview

7

Static

static

7

3fd33cc8db...cb.dll

windows7-x64

7

3fd33cc8db...cb.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    157s
  • max time network
    169s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-01-2024 03:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3fd33cc8dbef8f7f19c6532e052b23cb.dll

  • Size

    89KB

  • MD5

    3fd33cc8dbef8f7f19c6532e052b23cb

  • SHA1

    c03bb33ead2e83dc4a600746bf3f6c1b39f943d8

  • SHA256

    ca6901a7278de17f60980044213bc1c205ffcdd2481a44eee4987d3aa1b7528c

  • SHA512

    f9b0dbbe85177425a82ff54126c099fa6d90f17537c05989da290c9528893908eba13ed81b77576ca8d85bedc2f0750bbbe9e26c0fce27bc99519de4ce3fa48e

  • SSDEEP

    1536:Z6c2bcATlbcKNyRAO8s/d9JoIQL7qL5Z/7OTGghTzP0YEPNqNF7vSrcBP/:ZkI0tvwNqVAdYk7PNO+mP/

Score
7/10
adwarestealerupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies registry class 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3fd33cc8dbef8f7f19c6532e052b23cb.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3080
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\3fd33cc8dbef8f7f19c6532e052b23cb.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:4084

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4084-0-0x00000000021F0000-0x000000000222F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4084-1-0x00000000021F0000-0x000000000222F000-memory.dmp

    Filesize

    252KB

    Download

  • memory/4084-2-0x00000000021F0000-0x000000000222F000-memory.dmp

    Filesize

    252KB

    Download