Analysis

  • max time kernel
    150s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/01/2024, 03:51

General

  • Target

    79341b604b5a392afd2214d1154f25b2.exe

  • Size

    87KB

  • MD5

    79341b604b5a392afd2214d1154f25b2

  • SHA1

    66604ff8cdac12451c31ab790fd3ca980f13a182

  • SHA256

    e61755374bbb0eed7350da3bff07f3b77086165904025684b880305dafc4f007

  • SHA512

    565709508c3c3a4b90ca238f32becfd39ec4407e24d54139b40fdd6890a330309fc92464a268c0cac858376f31904960ef3d0a052bdf5daca3d7abf60eb05759

  • SSDEEP

    1536:HsfXh6ZpfFyoNCoGEvBlfXyoBncIe+E9WQKzuHkN1MAarP0nnRshPdBteJzmnvk:MfXh6ZpfFyhEp1XyoBncIeeSHqnG0nQg

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 8 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\79341b604b5a392afd2214d1154f25b2.exe
    "C:\Users\Admin\AppData\Local\Temp\79341b604b5a392afd2214d1154f25b2.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2392
    • C:\Windows\SysWOW64\regsvr32.exe
      regsvr32 /s "C:\Program Files (x86)\TopGuide\TopGuide.dll"
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:2992
    • C:\Program Files (x86)\TopGuide\TopGuide.exe
      "C:\Program Files (x86)\TopGuide\TopGuide.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3052
      • C:\Windows\SysWOW64\regsvr32.exe
        regsvr32 /s "C:\Program Files (x86)\TopGuide\TopGuide.dll"
        3⤵
        • Loads dropped DLL
        • Installs/modifies Browser Helper Object
        • Modifies registry class
        PID:2712

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files (x86)\TopGuide\TopGuide.dll

    Filesize

    105KB

    MD5

    af91dc5eb2f1600a2acce03de4db8161

    SHA1

    3dc31ecc6ab4111d6f265c5a5700091449ae9df4

    SHA256

    0c1113cec21ed5a03fdd50f4602c362a161c55e4681788328624c296e49a70a5

    SHA512

    67f563095432601fddfc181c1fe1b020463c77148f59c8ea9bfade4b9e3392b1b1906b9603a10041d17c75f24265a5a9aa87ce6cda1d64ae356abba69519b3f2

  • C:\Program Files (x86)\TopGuide\adc.dll

    Filesize

    23KB

    MD5

    33d7115901c7382d911c5e5f28d95850

    SHA1

    e6b5b513626a1afd7285a1a3648912d54e819128

    SHA256

    b6af553defd463dd7d63b3c65b27d81a1ec5bb325cdaf57d3d42792e8d0dd361

    SHA512

    d5f697dad1c37b7b9d1ea30bd400f1900046fedc1c5ea4b9dea9646ea94f43ec81d3dad6f97f8ab2ab97c2804a939f72f903efae4b1e3e6f45b970bf5bf0eeed

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    2bb87029a0660054e9fb1261a400992f

    SHA1

    b20bcafcab754e2dc0f5aec9facfdcccb374bd78

    SHA256

    821bbeb3f7bebf66148cfbc56eccd347d52cf26799be098f51fcded21e277786

    SHA512

    c0de9618f400d99827b90bf0a432a013e0d0693cd78b0e3277446439b7363b9a9e73ef543804c6990aaddbd9b207899b595748d3da967f065328fb277fbcf666

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    dd6288d64b6f282c8f290576ae948bcd

    SHA1

    d71ae529c44ae7d31d1c32a4f923ecd6a27406ce

    SHA256

    28cd67ab52bd7fb066ac42899e8f199ff3886cbf6b200d25a5b9c09e9a25da66

    SHA512

    7f5392e26962867cd70c24673e05b56a6c5486f978d3f016f499640527876f8ad0c211e81d5f983efbf86926728c6d184bdf931e05478bf0e66345bfdce59cb9

  • C:\Users\Admin\AppData\Local\Temp\TarF71.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

  • \Program Files (x86)\TopGuide\TopGuide.exe

    Filesize

    45KB

    MD5

    97a66539f4cdf6f5970d4f3ab62e7157

    SHA1

    32dca1cbc2a1729dae1fba9b66d7221ed8b0b6a2

    SHA256

    d8fd95ab37afabedcd5d6a76785897b70770644ed3ab8a2b274dfd6ed971ea12

    SHA512

    1857d4829bc758b49a4ba7c2e5bf16b7d07c6eebde561829c4a2f850f50399da5ba68026c5ae19332af023117b750abfa39d05b844c2131c4479cdac387b8abe

  • memory/2392-0-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB

  • memory/2392-1-0x00000000001C0000-0x00000000001FF000-memory.dmp

    Filesize

    252KB

  • memory/2392-125-0x0000000000400000-0x000000000043F000-memory.dmp

    Filesize

    252KB