4879007515fc16fd0b22156852f2af0424c947f8cf543f5f4cccf1aed52bc97d

Analysis

max time kernel
37s
max time network
42s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SQLi Dumper v8.3.exe
Size

7.0MB
MD5

d3c358f1785594fb5619cda521b9ff04
SHA1

9c4a88b66da3fab2bc1b8fe2d2d4bc12903d7603
SHA256

4879007515fc16fd0b22156852f2af0424c947f8cf543f5f4cccf1aed52bc97d
SHA512

3ad1c58d7ba5b509ba4dd292ac62efa9e1f8f39660d3b55a5853b15e55ff6a15a3f8c7fed3b6dac4a5a00987e4ef6052829071342edb182916409819e9b21ee8
SSDEEP

196608:sDKjAQxVBnZwfZ1l6yYrWOVr62bXfwvZR8T3WkYoZx8n:vjAOVBZwfQWyWAfwaG4Gn

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1888	SQLi Dumper v8.3.exe
1888	SQLi Dumper v8.3.exe
1888	SQLi Dumper v8.3.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TypedURLs	SQLi Dumper v8.3.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	SQLi Dumper v8.3.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1888	SQLi Dumper v8.3.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1888	SQLi Dumper v8.3.exe
1888	SQLi Dumper v8.3.exe

C:\Users\Admin\AppData\Local\Temp\SQLi Dumper v8.3.exe
"C:\Users\Admin\AppData\Local\Temp\SQLi Dumper v8.3.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\XCEnh5cyCr7+M50gAvNG9A==#\ChilkatDotNet2.dll

Filesize
5.7MB

MD5
6990f5076eb51ee135492ba5ba619b72

SHA1
a8d4941d4ece23faafa231e53d2a1f34a6dc0302

SHA256
6733f1b7daf40076ffe88dc8a88e23181d1ba449d6e5bb36a5325b4353849460

SHA512
d1d3ab75a7be7e56116a0ff5d9b98f51ec3fc3ac1056f5ae6c526ef742bd5a209c587389a7ab857b882d656c7e812d684baf3b126b99161b0b8593f5f764c747

Download Submit
memory/1888-10-0x00000000744E0000-0x0000000074A8B000-memory.dmp

Filesize
5.7MB

Download
memory/1888-5-0x0000000001170000-0x00000000011B0000-memory.dmp

Filesize
256KB

Download
memory/1888-11-0x00000000744E0000-0x0000000074A8B000-memory.dmp

Filesize
5.7MB

Download
memory/1888-15-0x0000000001170000-0x00000000011B0000-memory.dmp

Filesize
256KB

Download
memory/1888-12-0x0000000008E10000-0x0000000008F10000-memory.dmp

Filesize
1024KB

Download
memory/1888-6-0x0000000008E10000-0x0000000008F10000-memory.dmp

Filesize
1024KB

Download
memory/1888-7-0x0000000008E10000-0x0000000008F10000-memory.dmp

Filesize
1024KB

Download
memory/1888-8-0x0000000008E10000-0x0000000008F10000-memory.dmp

Filesize
1024KB

Download
memory/1888-9-0x0000000008E10000-0x0000000008F10000-memory.dmp

Filesize
1024KB

Download
memory/1888-0-0x00000000744E0000-0x0000000074A8B000-memory.dmp

Filesize
5.7MB

Download
memory/1888-3-0x0000000001170000-0x00000000011B0000-memory.dmp

Filesize
256KB

Download
memory/1888-1-0x00000000744E0000-0x0000000074A8B000-memory.dmp

Filesize
5.7MB

Download
memory/1888-4-0x0000000001170000-0x00000000011B0000-memory.dmp

Filesize
256KB

Download
memory/1888-16-0x0000000008E10000-0x0000000008F10000-memory.dmp

Filesize
1024KB

Download
memory/1888-17-0x0000000001170000-0x00000000011B0000-memory.dmp

Filesize
256KB

Download
memory/1888-18-0x0000000008E10000-0x0000000008F10000-memory.dmp

Filesize
1024KB

Download
memory/1888-19-0x0000000008E10000-0x0000000008F10000-memory.dmp

Filesize
1024KB

Download
memory/1888-20-0x0000000008E10000-0x0000000008F10000-memory.dmp

Filesize
1024KB

Download
memory/1888-2-0x0000000001170000-0x00000000011B0000-memory.dmp

Filesize
256KB

Download
memory/1888-25-0x0000000008E10000-0x0000000008F10000-memory.dmp

Filesize
1024KB

Download
memory/1888-29-0x0000000008E10000-0x0000000008F10000-memory.dmp

Filesize
1024KB

Download