4c3bfe0110373c35a21c09c75df33107ef42dcd1a5a32746e3392971d4a40cc3

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27/01/2024, 23:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$TEMP/dospop.exe
Size

806KB
MD5

067a003a0740da60aaa074f45d5266c5
SHA1

a5016ff1703d63c215da0f331003759f70f33659
SHA256

edb695897f58c9e5533136fa7836216e2463fcaafd1d82dd5e50fa0fd4be471e
SHA512

ae692fc8f5a71d4c189e91bf2d0dc0eea7e7636ebfa911dc76f6cbe69f6f7fb5ed2a497e92de39ad77aab166155a01a4b7ff6f493a63f1639b952431a16d007d
SSDEEP

24576:JlzyMuPssLniF/pnFmXb7R5tdpEpFbI+PXj:D2FziFjmX/R3/C+i

Score

7^/10

adware stealer

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2152	regsvr32.exe
2152	regsvr32.exe
2152	regsvr32.exe

Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{57F9FEF0-6EAE-4030-A68A-30FDC38B1B13}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{57F9FEF0-6EAE-4030-A68A-30FDC38B1B13}\ = "TBSB09293"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{57F9FEF0-6EAE-4030-A68A-30FDC38B1B13}\NoExplorer = "1"	regsvr32.exe

Drops file in Program Files directory 14 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\DosPop\DospopToolbar\options.html	dospop.exe
File created	C:\Program Files (x86)\DosPop\DospopToolbar\basis.xml	dospop.exe
File created	C:\Program Files (x86)\DosPop\DospopToolbar\logo16.bmp	dospop.exe
File created	C:\Program Files (x86)\DosPop\DospopToolbar\static_img.html	dospop.exe
File created	C:\Program Files (x86)\DosPop\DospopToolbar\static_pub.html	dospop.exe
File opened for modification	C:\Program Files (x86)\DosPop\DospopToolbar\dospop.dll	dospop.exe
File created	C:\Program Files (x86)\DosPop\DospopToolbar\icons.bmp	dospop.exe
File created	C:\Program Files (x86)\DosPop\DospopToolbar\toolbar-logo-dospop.bmp	dospop.exe
File created	C:\Program Files (x86)\DosPop\DospopToolbar\version.txt	dospop.exe
File created	C:\Program Files (x86)\DosPop\DospopToolbar\dospop.crc	dospop.exe
File created	C:\Program Files (x86)\DosPop\DospopToolbar\tbhelper.dll	dospop.exe
File created	C:\Program Files (x86)\DosPop\DospopToolbar\tbs_include_script_008091.js	dospop.exe
File created	C:\Program Files (x86)\DosPop\DospopToolbar\uninstall.exe	dospop.exe
File created	C:\Program Files (x86)\DosPop\DospopToolbar\update.exe	dospop.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 22 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\TBSB09293\Toolbar\toolbar_version = "DosPop Toolbar 1.37"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\TBSB09293\Toolbar\firstTime = "1"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\TBSB09293\Toolbar\TBShow = "1"	regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\TBSB09293\Toolbar\CurrentLayout = "0"	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\Enable Browser Extensions = "yes"	dospop.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{BFB5F154-9212-46F3-B547-AC6106030A54} = 00	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\TBSB09293\Toolbar\toolbar_id = "{46CFA49E-E034-4782-A818-B512C09DD306}"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main	dospop.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar	regsvr32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{BFB5F154-9212-46F3-B547-AC6106030A54}	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\TBSB09293\Toolbar	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY	regsvr32.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe = "0"	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\TBSB09293	regsvr32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\TBSB09293\Toolbar\updateXML = "1"	regsvr32.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24BBB29A-FB7B-425B-822D-15D0B861E99B}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B75CF7AE-80B0-45C3-BA27-BABC08484319}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ = "ToolbarURLSearchHook Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24BBB29A-FB7B-425B-822D-15D0B861E99B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Toolbar3.TBSB09293\ = "TBSB09293 Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24BBB29A-FB7B-425B-822D-15D0B861E99B}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B75CF7AE-80B0-45C3-BA27-BABC08484319}\ = "IPosBHO"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\ = "URLSearchHook 1.0 Type Library"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BFB5F154-9212-46F3-B547-AC6106030A54}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B75CF7AE-80B0-45C3-BA27-BABC08484319}\TypeLib\ = "{77AA25E8-6083-4949-A831-9CB11861DC10}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1\ = "ToolbarURLSearchHook Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TBSB09293.TBSB09293\CLSID\ = "{BFB5F154-9212-46F3-B547-AC6106030A54}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BFB5F154-9212-46F3-B547-AC6106030A54}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{57F9FEF0-6EAE-4030-A68A-30FDC38B1B13}\ = "TBSB09293 Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TBSB09293.IEToolbar.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{57F9FEF0-6EAE-4030-A68A-30FDC38B1B13}\ProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0\win32\ = "C:\\Program Files (x86)\\DosPop\\DospopToolbar\\tbhelper.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BFB5F154-9212-46F3-B547-AC6106030A54}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{24BBB29A-FB7B-425B-822D-15D0B861E99B}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{57F9FEF0-6EAE-4030-A68A-30FDC38B1B13}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B75CF7AE-80B0-45C3-BA27-BABC08484319}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID\ = "URLSearchHook.ToolbarURLSearchHook"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ = "IToolbarURLSearchHook"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TBSB09293.TBSB09293\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BFB5F154-9212-46F3-B547-AC6106030A54}\VersionIndependentProgID\ = "TBSB09293.TBSB09293"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Toolbar3.TBSB09293.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Toolbar3.TBSB09293.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Toolbar3.TBSB09293\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{57F9FEF0-6EAE-4030-A68A-30FDC38B1B13}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook\ = "ToolbarURLSearchHook Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TBSB09293.IEToolbar\ = "IE Toolbar"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B75CF7AE-80B0-45C3-BA27-BABC08484319}\ = "IPosBHO"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1\CLSID\ = "{CA3EB689-8F09-4026-AA10-B9534C691CE0}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TBSB09293.IEToolbar\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{57F9FEF0-6EAE-4030-A68A-30FDC38B1B13}\ProgID\ = "Toolbar3.TBSB09293.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TBSB09293.TBSB09293\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BFB5F154-9212-46F3-B547-AC6106030A54}\ProgID\ = "TBSB09293.TBSB09293.3"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BFB5F154-9212-46F3-B547-AC6106030A54}\Implemented Categories	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BFB5F154-9212-46F3-B547-AC6106030A54}\TypeLib\ = "{77AA25E8-6083-4949-A831-9CB11861DC10}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BFB5F154-9212-46F3-B547-AC6106030A54}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B75CF7AE-80B0-45C3-BA27-BABC08484319}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TBSB09293.IEToolbar\CLSID\ = "{BFB5F154-9212-46F3-B547-AC6106030A54}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B75CF7AE-80B0-45C3-BA27-BABC08484319}\TypeLib\Version = "1.0"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BFB5F154-9212-46F3-B547-AC6106030A54}\ = "DosPop Toolbar"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\DosPop\\DospopToolbar\\"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TBSB09293.IEToolbar	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Toolbar3.TBSB09293\CurVer	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32\ = "C:\\Program Files (x86)\\DosPop\\DospopToolbar\\tbhelper.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TBSB09293.TBSB09293.3\CLSID\ = "{BFB5F154-9212-46F3-B547-AC6106030A54}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TBSB09293.TBSB09293\ = "DosPop Toolbar"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TBSB09293.TBSB09293\CurVer\ = "TBSB09293.TBSB09293.3"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Toolbar3.TBSB09293.1\CLSID\ = "{57F9FEF0-6EAE-4030-A68A-30FDC38B1B13}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{57F9FEF0-6EAE-4030-A68A-30FDC38B1B13}\InprocServer32\ = "C:\\Program Files (x86)\\DosPop\\DospopToolbar\\dospop.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{24BBB29A-FB7B-425B-822D-15D0B861E99B}\TypeLib\Version = "1.0"	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2152	2364	dospop.exe	28
PID 2364 wrote to memory of 2152	2364	dospop.exe	28
PID 2364 wrote to memory of 2152	2364	dospop.exe	28
PID 2364 wrote to memory of 2152	2364	dospop.exe	28
PID 2364 wrote to memory of 2152	2364	dospop.exe	28
PID 2364 wrote to memory of 2152	2364	dospop.exe	28
PID 2364 wrote to memory of 2152	2364	dospop.exe	28

C:\Users\Admin\AppData\Local\Temp\$TEMP\dospop.exe
"C:\Users\Admin\AppData\Local\Temp\$TEMP\dospop.exe"
1⤵
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Windows\SysWOW64\regsvr32.exe
  C:\Windows\system32\regsvr32 /s "C:\Program Files (x86)\DosPop\DospopToolbar\dospop.dll"
  2⤵
  - Loads dropped DLL
  - Installs/modifies Browser Helper Object
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:2152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\DosPop\DospopToolbar\basis.xml

Filesize
7KB

MD5
ddd7fcc20dd29eed331b186b5ca2889d

SHA1
f7890c5e84f74890bd36dfac8d6f6912e68bf60e

SHA256
c0d0a01a21c19475a5be0b5552e992520da735d86e6a40688b26735d4a7490b5

SHA512
b3b8ead777be600f59218d988c80b752a30587f1d298900f97beb32966fde18f72158eae3a0da6be6aaf4b5fb3ba4603cf36a99fe79fbd3bab38e8110c8061b2

Download Submit
C:\Program Files (x86)\DosPop\DospopToolbar\dospop.crc

Filesize
223B

MD5
ec3733d5ea6c6404204c5bbaae9210e1

SHA1
6b70c10e79e29904fee05a76b3852ed4e437fb25

SHA256
194c4acf404911afcd0f563659ffcc45f33f249e0e41e8681cc15308d0132903

SHA512
3d419529e187c6c93d46e7216cdfe6710f77ba575a0fb42b57efedcc6a41261056bfda1ce17bbb85e9619931d420fb1e111748e6d8359d5b9776f1adaea0cb54

Download Submit
C:\Program Files (x86)\DosPop\DospopToolbar\dospop.dll

Filesize
2.1MB

MD5
0f1846b9162b08ba83b187f8b812882a

SHA1
3bb577471354017b5c8f6ff1f5159801000110e8

SHA256
0c647f88a0f7f7d6ea9796bd7b0401b6359edeb21060c26b911dcfdfc874b37f

SHA512
ebacf6356894c8159d6ce0a3a4aac973b09ad6e80751f0edfda004e1df5cc2221f9967d1eff0cb59a3acfbede05e92ddd20b1dc095b2db65ca5c3eb278b9e5c0

Download Submit
C:\Program Files (x86)\DosPop\DospopToolbar\icons.bmp

Filesize
60KB

MD5
0540c76a162cf8aea5b333a6e183bdbc

SHA1
10650aed77cafd0e0e10a98a67343157abe93652

SHA256
6f00271baba262330950c748e67f41f0d2c98d5e0a5ef7cf099d864d7d9891c0

SHA512
7acbe3537f07ef6dc4a2dff809b8cc74edbf7d02ee4a75d0f399725d2dda28c5fa1f407495a23301f322e1655cfef83271be05e8062aab022538fddd6b001ee4

Download Submit
C:\Program Files (x86)\DosPop\DospopToolbar\logo16.bmp

Filesize
6KB

MD5
ecf6053084c253b4ecb999b77fd5e7fb

SHA1
fe7359187bd92e1e9312789a7c9ca1df08947c26

SHA256
4d502980795f580774e0904c22cef73aaf81eef9858e67e05d0ef10b74c62105

SHA512
7a86d529bf6eca3daaa428fbc7d0dbac20cf30261f2ab1495532cf52087209eb712734fa90d23e063bb3a8e833d90c827fc920cc6785fc19951b5c883fa93f3f

Download Submit
C:\Program Files (x86)\DosPop\DospopToolbar\options.html

Filesize
6KB

MD5
adc6e16ce6e97bd1eb19d3a8dad7274f

SHA1
12b55eab3225b2250ba051803f7d791db59a46a1

SHA256
29e525a91d8ac4ec6bb2fa299a404d9f151b45400c7cab09675a23469373435b

SHA512
2c4bc233ae8741fe0a6995845aa88d707b347cfc78745fefac346ce27ddd5b799dd374bbba15516f6e61348f52720be3639cf0cd925a599250a9947a33ab7103

Download Submit
C:\Program Files (x86)\DosPop\DospopToolbar\static_img.html

Filesize
503B

MD5
2caff3519f5be538757c467d4fec4756

SHA1
7e77344f049d9ee4d216b6f412c01ba28596773c

SHA256
e94503ad0ea2a4f7002ba70f57e12da9daabb5037b6bedc7725d1fc43a487415

SHA512
029814dd117053d03acc6c0cb1af2802256149c6a3588cd41334deeffad6095dc16386887e2053f288b13a5ebd3599cbf9c55c194fde81f3df77045d2609a467

Download Submit
C:\Program Files (x86)\DosPop\DospopToolbar\static_pub.html

Filesize
599B

MD5
0bf3de7de6f6a9ece7674fb245c7e428

SHA1
a71d601820676d5741734e825c7347d59570bc98

SHA256
29101ddb9fc880b921c78a8aa0952310ccf0fe4eb03479425500fc2e779d4b2b

SHA512
30dc0cf67d772a79dec244882f24c4a6ad71a3139b1b92d6e059f1e677ef138596e71c7bf12c2283b591ad64744b9abd15895fa29c4a600f64c784423bc270b2

Download Submit
C:\Program Files (x86)\DosPop\DospopToolbar\tbhelper.dll

Filesize
316KB

MD5
8285d06c80bb289d22d7c67c4df2d51c

SHA1
0aa83342fd5d23de18fb5da4c4405ddc5b13d75f

SHA256
d5df73f377bb5113a5e1c4f7872db6ec4753568a1dadf8d5d09798ac9038ad29

SHA512
8de26c47bbcf0ea1dcab869ac21eb6d13751a913903a179fbd3ad8f30f0429b15c60af53c68b2661a7adb34a310ba7d91281da34f0ddfe595c409e11c0f34775

Download Submit
C:\Program Files (x86)\DosPop\DospopToolbar\tbs_include_script_008091.js

Filesize
2KB

MD5
b734be75b8963660abfa7412095c7a82

SHA1
6091ffb358b2596d53f4e74e09da01326258dce8

SHA256
078d1eadf0733de055e1ca4ff03bdab7203a66823e9cb4d5a8539d84276759a5

SHA512
1bd848ab95724bf8b7c6dc2e91a066a85c0d6239c16c3e548cfaa7a6e57c62e432b820b7503e998bc205d9153ec28c7e590610b8f4481e28b2ef6df35f14cf68

Download Submit
C:\Program Files (x86)\DosPop\DospopToolbar\toolbar-logo-dospop.bmp

Filesize
2KB

MD5
de7f84d3713c0e55ee2f584345647504

SHA1
8903bf45c1993fc2df3313e89971b4cba2ba9239

SHA256
759282b69a5a1c30a01e0ef7c19a2eb59955e33f0caa0b066e418ef54f5c5884

SHA512
96c820d6caf2385faf18aaeaffe743846e158b1e2eabdeb53ec9dafda3fa86ee30f070f7c8e65bd1a0325e6d6fffcfafec175dad07f0dee0f6fcb2660133a193

Download Submit
C:\Program Files (x86)\DosPop\DospopToolbar\uninstall.exe

Filesize
48KB

MD5
652d9d1fc071f90c3e0adb8d79d7ade2

SHA1
b63b34d5b3f2d5b75b0b5ff3290752ae1cf3a68a

SHA256
7c30673fde7090d6f74623d9bf99e1b2f9661ec94d21d3c2ffb80e1c56d60891

SHA512
410d3c2ce92e5db4c12c46d399e88dac97be784f2b50946e40ba1689a524542e6220864d35d625c3cbb104e20ee351362dbb100423224d319fa62add5c3fa1ae

Download Submit
C:\Program Files (x86)\DosPop\DospopToolbar\update.exe

Filesize
76KB

MD5
c050609bcf90684099902c043661e739

SHA1
e471468f128e3f8899d53f54f0fd64561a297210

SHA256
3751b8982c25d16aee9bc7dd5e22c83f323c8c68780012773612778f20279af8

SHA512
2e199a074fbef486518949bd57da18b7b221eb1d9d391c30d7ee73817e2d514438d25ed46f2ab68f79f0645013df5fd35100eebc805bea3830aa7b1cfb8d9846

Download Submit
C:\Program Files (x86)\DosPop\DospopToolbar\version.txt

Filesize
49B

MD5
f1610ba6a619c1703c4dd4ea1c8d71e5

SHA1
539d1b8b903d98bd9abaf232b4c2f370ac1e9e81

SHA256
0f85f776d85b5ee164a43c166dab525625655bd42b6c0503fa8d36fb702df666

SHA512
de5058badc73c1e267e24d7cd18e2c1207337d78185bcd17c4e1ab1131e30f4df5c051cceb748966fd4a8a6b8b2f1d11e2ced29bf5c5ca8404e3f5da5d2d438e

Download Submit
memory/2152-43-0x00000000005F0000-0x0000000000643000-memory.dmp

Filesize
332KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads