Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    08-01-2024 16:59

General

  • Target

    4bfa2e1c6ab5764170ca87d369a7d8b8.dll

  • Size

    93KB

  • MD5

    4bfa2e1c6ab5764170ca87d369a7d8b8

  • SHA1

    63bcd877aba6fdd91b8cd5815aea5856b359c246

  • SHA256

    c83bfc375e9ba32819d54615783d1b9873b3ef46da21db7b1d93a53174fb916d

  • SHA512

    6e94ada02567c246cd52dbcdba078ba48229c64d7a76a6a58acd1341e30c47a8efd6cb750ab5b2e1dcecc220179881a71760a5f10c8e86cb2f121e0944403954

  • SSDEEP

    1536:VL5YhFx/PolezJDcBP016Yxb/Skux2CNaT+UWZoH8KBjaK+6r9L22:3YJPo8iBPQbM2CMTlz2NX2

Score
7/10

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Modifies registry class 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\SysWOW64\regsvr32.exe
    /s C:\Users\Admin\AppData\Local\Temp\4bfa2e1c6ab5764170ca87d369a7d8b8.dll
    • Installs/modifies Browser Helper Object
    • Modifies registry class
    PID:2032
  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4bfa2e1c6ab5764170ca87d369a7d8b8.dll
    • Suspicious use of WriteProcessMemory
    PID:2252

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2032-0-0x00000000004C0000-0x0000000000501000-memory.dmp

    Filesize

    260KB