bccb00918c6e8da3815d6e3606d7726dd6cc8c2efad39915dfbf6f4589f0d049

Analysis

max time kernel
91s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 12:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

67a34735e88f8e85c178e4ee6d9f7dd4.exe
Size

145KB
MD5

67a34735e88f8e85c178e4ee6d9f7dd4
SHA1

dca640d775b7306599b489e9920d43911eeee6c0
SHA256

bccb00918c6e8da3815d6e3606d7726dd6cc8c2efad39915dfbf6f4589f0d049
SHA512

37c81c1b8e91b816985dcfffb8dae6d717804f26bbcc12f18637bfe7e5fddbfa2a065536fa4e7db02bf22288d6b756066bbd9b45675396c535b4c0c4211793f4
SSDEEP

3072:yRD4IS40saXWqEM8EGZ3egYtjgMHHcYrmHVEZxlCQlNe8i:yl45XeEET0bHHcYNCQLe

Score

7^/10

adware stealer upx

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1524	67a34735e88f8e85c178e4ee6d9f7dd4.exe
1524	67a34735e88f8e85c178e4ee6d9f7dd4.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1524-14-0x0000000002540000-0x0000000002580000-memory.dmp	upx
behavioral2/memory/1524-19-0x0000000002540000-0x0000000002580000-memory.dmp	upx
behavioral2/memory/1524-18-0x0000000002540000-0x0000000002580000-memory.dmp	upx
behavioral2/memory/1524-17-0x0000000002540000-0x0000000002580000-memory.dmp	upx

Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7AD294C-8495-42A9-92EB-39D716063E5B}	67a34735e88f8e85c178e4ee6d9f7dd4.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Software\Microsoft\Internet Explorer\Main	67a34735e88f8e85c178e4ee6d9f7dd4.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Internet Explorer\Main\TabProcGrowth = "1"	67a34735e88f8e85c178e4ee6d9f7dd4.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	67a34735e88f8e85c178e4ee6d9f7dd4.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A7AD294C-8495-42A9-92EB-39D716063E5B}	67a34735e88f8e85c178e4ee6d9f7dd4.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A7AD294C-8495-42A9-92EB-39D716063E5B}\InprocServer32\ = "C:\\ProgramData\\dmxmlhelputil.dll"	67a34735e88f8e85c178e4ee6d9f7dd4.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A7AD294C-8495-42A9-92EB-39D716063E5B}\InprocServer32\ThreadingModel = "apartment"	67a34735e88f8e85c178e4ee6d9f7dd4.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A7AD294C-8495-42A9-92EB-39D716063E5B}\InprocServer32	67a34735e88f8e85c178e4ee6d9f7dd4.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	67a34735e88f8e85c178e4ee6d9f7dd4.exe

C:\Users\Admin\AppData\Local\Temp\67a34735e88f8e85c178e4ee6d9f7dd4.exe
"C:\Users\Admin\AppData\Local\Temp\67a34735e88f8e85c178e4ee6d9f7dd4.exe"
1⤵
- Loads dropped DLL
- Installs/modifies Browser Helper Object
- Modifies Internet Explorer settings
- Modifies registry class
PID:1524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\dmxmlhelputil.dll

Filesize
119KB

MD5
5361e55ae0a8a283c5874b8278693455

SHA1
6e8be2f46b7949a99d49f91e9f0fcdb7a96ddbcd

SHA256
c120e69b75b1bc107692b5ce2e9930d7c37da5d019b20264bfb72b81d2354c54

SHA512
27dc129910bc79db0e89cd3dfa095d3914b79e8ba80156d5ef85d15417569640b1079f3f415bf9c9a6ad503721176f07b05a88c37899c784769dde18d35c8791

Download Submit
C:\ProgramData\dmxmlhelputil.dll

Filesize
77KB

MD5
5620012213e24cf2f25ba0f852ce8cde

SHA1
69dd4b93b9e47ee808fec1d1415aebae2253533b

SHA256
c946e5b37fad245359793b181cfdac8f97b8b898902ca2caa20aa5c130ea0045

SHA512
6caa24c81f6be8a58321805835d90018c0e0eba93eb9995e644f5ba7d8d31f81eee9e3b987f06eebcbaefe0d4cf04f44d42c3fb7f5f3326eb129b65c9c218da0

Download Submit
C:\ProgramData\dmxmlhelputil.dll

Filesize
80KB

MD5
f6544c42a3e3295fa19a963874565f71

SHA1
48e1395600c1853730f19362cca84b591e1b419c

SHA256
709dc1923143f466b89e641a80d63c41b11f2750a4d11a1b1c01ea5f6747196f

SHA512
84e5e04c272113943e0946b0cae824d6a9d809d1330cddbb1710c2028e0e10b5e5810ed0862be57a95aeeff4f666f4dc4009eb88e19ca8b5f9839ca92a33edbb

Download Submit
memory/1524-14-0x0000000002540000-0x0000000002580000-memory.dmp

Filesize
256KB

Download
memory/1524-19-0x0000000002540000-0x0000000002580000-memory.dmp

Filesize
256KB

Download
memory/1524-18-0x0000000002540000-0x0000000002580000-memory.dmp

Filesize
256KB

Download
memory/1524-17-0x0000000002540000-0x0000000002580000-memory.dmp

Filesize
256KB

Download
memory/1524-9-0x00000000022D0000-0x00000000022F3000-memory.dmp

Filesize
140KB

Download
memory/1524-21-0x00000000022D0000-0x00000000022F3000-memory.dmp

Filesize
140KB

Download
memory/1524-20-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads