Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    10/01/2024, 02:16

General

  • Target

    4f50a212a8c837917c834abf76f19bf1.dll

  • Size

    546KB

  • MD5

    4f50a212a8c837917c834abf76f19bf1

  • SHA1

    a92d8dae7de987c98bce0ec09e72f96d85b91ed3

  • SHA256

    59edcb6c99dfff6985c72b7bc706875f5b85ac810c6d37f5b6d4ee5b8f09043d

  • SHA512

    d2c03053960a455aa661d94e86715ba9b1898f005fb06605bb643d381b79abbd5abe24af8f6bcf4564f48089c949bb850ec01506119f70011ce99f5686362001

  • SSDEEP

    12288:jisJfKjG2fcIlDuZ8NwtLiazT+qfSHdka3kyhTOYQn/:jTEG2lDu2SzqpHR3DTO7n

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Modifies registry class 11 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\SysWOW64\regsvr32.exe
    /s C:\Users\Admin\AppData\Local\Temp\4f50a212a8c837917c834abf76f19bf1.dll
    • Installs/modifies Browser Helper Object
    • Modifies registry class
    PID:1732
  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4f50a212a8c837917c834abf76f19bf1.dll
    • Suspicious use of WriteProcessMemory
    PID:1776

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • memory/1732-0-0x00000000001B0000-0x000000000023D000-memory.dmp

          Filesize

          564KB