bccb00918c6e8da3815d6e3606d7726dd6cc8c2efad39915dfbf6f4589f0d049

Analysis

max time kernel
120s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 12:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

67a34735e88f8e85c178e4ee6d9f7dd4.exe
Size

145KB
MD5

67a34735e88f8e85c178e4ee6d9f7dd4
SHA1

dca640d775b7306599b489e9920d43911eeee6c0
SHA256

bccb00918c6e8da3815d6e3606d7726dd6cc8c2efad39915dfbf6f4589f0d049
SHA512

37c81c1b8e91b816985dcfffb8dae6d717804f26bbcc12f18637bfe7e5fddbfa2a065536fa4e7db02bf22288d6b756066bbd9b45675396c535b4c0c4211793f4
SSDEEP

3072:yRD4IS40saXWqEM8EGZ3egYtjgMHHcYrmHVEZxlCQlNe8i:yl45XeEET0bHHcYNCQLe

Score

7^/10

adware stealer upx

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2840	67a34735e88f8e85c178e4ee6d9f7dd4.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2840-11-0x0000000002000000-0x0000000002040000-memory.dmp	upx
behavioral1/memory/2840-15-0x0000000002000000-0x0000000002040000-memory.dmp	upx
behavioral1/memory/2840-14-0x0000000002000000-0x0000000002040000-memory.dmp	upx
behavioral1/memory/2840-16-0x0000000002000000-0x0000000002040000-memory.dmp	upx

Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1D172197-5EE6-4F2B-A043-69808EA282D9}	67a34735e88f8e85c178e4ee6d9f7dd4.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main	67a34735e88f8e85c178e4ee6d9f7dd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3308111660-3636268597-2291490419-1000\Software\Microsoft\Internet Explorer\Main\TabProcGrowth = "1"	67a34735e88f8e85c178e4ee6d9f7dd4.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	67a34735e88f8e85c178e4ee6d9f7dd4.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D172197-5EE6-4F2B-A043-69808EA282D9}	67a34735e88f8e85c178e4ee6d9f7dd4.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D172197-5EE6-4F2B-A043-69808EA282D9}\InprocServer32\ = "C:\\ProgramData\\dts.dll"	67a34735e88f8e85c178e4ee6d9f7dd4.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D172197-5EE6-4F2B-A043-69808EA282D9}\InprocServer32\ThreadingModel = "apartment"	67a34735e88f8e85c178e4ee6d9f7dd4.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1D172197-5EE6-4F2B-A043-69808EA282D9}\InprocServer32	67a34735e88f8e85c178e4ee6d9f7dd4.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node	67a34735e88f8e85c178e4ee6d9f7dd4.exe

C:\Users\Admin\AppData\Local\Temp\67a34735e88f8e85c178e4ee6d9f7dd4.exe
"C:\Users\Admin\AppData\Local\Temp\67a34735e88f8e85c178e4ee6d9f7dd4.exe"
1⤵
- Loads dropped DLL
- Installs/modifies Browser Helper Object
- Modifies Internet Explorer settings
- Modifies registry class
PID:2840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\dts.dll

Filesize
119KB

MD5
b628be60a729938dc34ed9dfaa599c5b

SHA1
56a678c6ee14e4a66517416019bd2703de7bae7a

SHA256
f17460effaae86695cf2d4aa7eae51e3b1931dbe5f8a070a7c8f5a825bffca9d

SHA512
aad2f66c72b2425bbf014fa3557d6733869abfed657483992566876921786220811edb91c4c9611a2cbafad58b103d4306dbcc4a985ef32a658677d0c356d76c

Download Submit
memory/2840-7-0x00000000005A0000-0x00000000005C3000-memory.dmp

Filesize
140KB

Download
memory/2840-11-0x0000000002000000-0x0000000002040000-memory.dmp

Filesize
256KB

Download
memory/2840-15-0x0000000002000000-0x0000000002040000-memory.dmp

Filesize
256KB

Download
memory/2840-14-0x0000000002000000-0x0000000002040000-memory.dmp

Filesize
256KB

Download
memory/2840-16-0x0000000002000000-0x0000000002040000-memory.dmp

Filesize
256KB

Download
memory/2840-17-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2840-18-0x00000000005A0000-0x00000000005C3000-memory.dmp

Filesize
140KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads