Overview

overview

6

Static

static

3

41c22d3cc8...fb.dll

windows7-x64

6

41c22d3cc8...fb.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/01/2024, 19:49

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    41c22d3cc889203fbf7b1693914de3fb.dll

  • Size

    546KB

  • MD5

    41c22d3cc889203fbf7b1693914de3fb

  • SHA1

    a9f5931dd92e7a80be9532299be367f3855fb191

  • SHA256

    f76d6a54a9010ad4044094cc19641f9c83085543479635353164e73e6c773255

  • SHA512

    7f659cf13fd350cffd167aac68508a9209a398e8d11765415cfe416e0f9648a323d64c798d283d190c42e5663c84f06bf417192f4076980e2a38bb1fa896feaa

  • SSDEEP

    12288:bisJfKjGOJV7+KYOri/PBmyaK6c38g9DVhTlYpWNr:bTEGW+1FLaisg9DLTl+WR

Score
6/10
adwarestealer

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies registry class 11 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\41c22d3cc889203fbf7b1693914de3fb.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1676
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\41c22d3cc889203fbf7b1693914de3fb.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:2040

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2040-0-0x00000000021A0000-0x000000000222D000-memory.dmp

          Filesize

          564KB

          Download