Overview

overview

6

Static

static

3

5329911f70...64.dll

windows7-x64

6

5329911f70...64.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    138s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/01/2024, 09:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5329911f706434b57d58429469897164.dll

  • Size

    635KB

  • MD5

    5329911f706434b57d58429469897164

  • SHA1

    b42c30b3d0a48d0244aae03688ead71faeb881cf

  • SHA256

    0bcf0f70229ccc0343e2a891e7c4626e25877309260260b64a6167bf1846a49a

  • SHA512

    27fad142868c8dcc2b1924464c45b810030a28f6274cebdd1856c281bb4f88f22cd036e73ff67d97e5c0d09d5cfcee7cb0230f2db51656fbddb9cfcb3b6f39e4

  • SSDEEP

    12288:YM0t9FNcxDMmfrLAF8rZIRf2MmsXatHbLBwL9Ohw/fO79s:ItjNcXnVInvaN/Bw8hI

Score
6/10
adwarestealer

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies registry class 11 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5329911f706434b57d58429469897164.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1364
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\5329911f706434b57d58429469897164.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:5080

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads