Overview

overview

7

Static

static

3

5a7b25130e...9c.exe

windows7-x64

7

5a7b25130e...9c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-01-2024 06:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5a7b25130e97e4ca92e22c42d56c4f9c.exe

  • Size

    128KB

  • MD5

    5a7b25130e97e4ca92e22c42d56c4f9c

  • SHA1

    2d52cca1d4edcec45c0d4539c4a26f29fc702bb9

  • SHA256

    0369f1101327e71b3ebba9b30e15d6ddf659e1008df290fd368b4687627786a5

  • SHA512

    631843dccaa600c74a720a3a53762e2ee61edde4df5d1de8ca060cdbcabd2e64d7c497cc91650382878669c2cc699a062514887edac53e14144c20eecb4da0b7

  • SSDEEP

    3072:EmeDmBqskJnv7Um1XZ/7fX7No2lReJXbSdNT08fFL:E8wZ1nReJXWg89L

Score
7/10
adwarediscoverystealer

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5a7b25130e97e4ca92e22c42d56c4f9c.exe
    "C:\Users\Admin\AppData\Local\Temp\5a7b25130e97e4ca92e22c42d56c4f9c.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:4712
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\PushWare\cpush.dll"
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:4876

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Common Files\PushWare\cpush.dll
    Filesize

    208KB

    MD5

    a66cacb7947b94dff2acc14aab607266

    SHA1

    a7c627a114b44071831b3cfecb9d3328b7e6a51e

    SHA256

    567887e104611e6a3c9d593e5cfdf326e449462b31745999e27001d269a647e5

    SHA512

    1250a8eab2f382c8bafbca1cbe12590a7911cae89264457e721d7fcea97fa12641ff6ecb2ae336bcb0a99f457cb364e3cb1e54ed03dca0fc8ccb9d5b180aa8bb

    Download Submit