Overview

overview

7

Static

static

3

7bcaec6c08...79.exe

windows7-x64

7

7bcaec6c08...79.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SYSDIR/$S...4_.exe

windows7-x64

7

$SYSDIR/$S...4_.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$TEMP/$_8_.dll

windows7-x64

6

$TEMP/$_8_.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    133s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    28/01/2024, 01:22

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMP/$_8_.dll

  • Size

    387KB

  • MD5

    786a5685af4b708e62acfbad7fc6c769

  • SHA1

    7e49ca417e0ae64e9a415251e016b55bfe7cb9b2

  • SHA256

    a6311b27642edf137af5eb9850eb6c1ecc86162040c03642a5b8afd7744f520a

  • SHA512

    181a537da11911fe7c94597968edaa28c7bbb97c0db9f760e0fd7fd3fb4cb0a7e2b228c8598e571e68a54bef2bb3da151c998b6a341ffc0ec985150f2485a850

  • SSDEEP

    12288:ELYeMLuvtV3PwvVQsM0+qd7hxVYkUHsU:9iX34VQsM0+qd7h7He

Score
6/10
adwarepersistencestealer

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\$TEMP\$_8_.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\$TEMP\$_8_.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:2220
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2912
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2912 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1240

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          914B

          MD5

          e4a68ac854ac5242460afd72481b2a44

          SHA1

          df3c24f9bfd666761b268073fe06d1cc8d4f82a4

          SHA256

          cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

          SHA512

          5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          1KB

          MD5

          a266bb7dcc38a562631361bbf61dd11b

          SHA1

          3b1efd3a66ea28b16697394703a72ca340a05bd5

          SHA256

          df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

          SHA512

          0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          252B

          MD5

          aa6f6392dbcb368886aba7802ebc7365

          SHA1

          4de671c33f544991a6c6f529a0c51b65f8b60f66

          SHA256

          a8c12ed1fbe9dc2b79548a627c2f5b2dd313512ccceefe52498faf0a92c71c03

          SHA512

          0abe5364bdf60604d4349bca8b53fce6241818ca20f7aab521d70e18a60afdcefa8b2b09a2747040ffeaa3460b5c2ea6ec3d99d26f969c39513a5fe3529c67db

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          bdbf273235ec9dc2957d008f8628b50a

          SHA1

          9608d680a09e2540415480c5b00e43e3bc2eacf6

          SHA256

          2f68d9a73193331242bb70fce75419dc0e3ca69633df801affdab867a010c7fe

          SHA512

          919e41d2f07dc926935720d590b8b864cfaeb4902318d65fd1298ffb5957658368aa7876ea2e05583578d44017573eb63e7ce33cee4b8cd005b5e7be1806d8b1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          1d506116069a8732fae46a7172601e08

          SHA1

          ba2dd17255861f5211e5219e7bd1c23c12887c4b

          SHA256

          f091e5b6ec51ba18416a22cbf4fff089e792bde2fc0bed536c723fd34e254e8f

          SHA512

          4f841295cbd4e6c7950327486636f799c073fb622dd967421f6e7fcac846f22888993d54de45f2a5424b889b19fc2d41ef04b024120ba79ef50711c71c0e2571

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          f837b086b44858baec126fa1da60323e

          SHA1

          28edaf7583f8ffc380b4c5e0b101f119973bddb3

          SHA256

          38e44427020cde7afae795cdefbe9c198bce6774ab7d44655644f09bf5679bbf

          SHA512

          25a3dc7342bcd03e6f3c1ebb8c95aa3047b9e2fbb59474ada327bbaa6a4714f1321d439cf8d242eeff484ed78b7eece1e2ae94eb9e5a351ff31017ec143d0cc3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          fcd30cf7a8565165d63a0a7d67be0cc8

          SHA1

          593c5e27fc0207bf5518048ff627ad204a8e764f

          SHA256

          da27a082ba9a77de1c79ba49149b9a33937e117a5f42772e1f58acb4653f6598

          SHA512

          6c867b13912bcfa2efd7078eb2552af05bcea8fad73d8e164c7b7897317671192e51f9f836d3f8557db2ada465ae1bf384c41515af7eb2091b38dcb2b989ab65

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          4e77c26d6d415826bcd037c074939c9e

          SHA1

          e90630d857a4de030c51366a36bd096131644cfa

          SHA256

          7b469e482c2d21f95d012ca49a01f954c0d9c95f76e9816966b6e6131e63ed4f

          SHA512

          f854438d3831731f1e02e56bedffb4796dee19036df87186e781ff1fc27d24039482f38c8bd76ca118ee1d865036dee8b800992a1995c47b2c85059e520051c7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          c979424587f7754d37875be505fa1cd3

          SHA1

          07a1e99cbd6381c4875da5f62aa971890cf711e1

          SHA256

          ecf96974f05849ca34643ede69ec26d45c38f82f8de8d428eef9d64b0e86d70e

          SHA512

          5a96eb80c6a848292a0651464b55dde6b98fe32016b4fc59dc4548c862695a342a8d28d8b2c7c9c6da9a71503f0ab515567f9866315ba6b2284f06e4561c454a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e078fee60306b604aa36d99559f0e112

          SHA1

          18dd137dee490cb1ee081e203653986c11c0cdef

          SHA256

          39cce05f37188a72ef5267ac6cf523c2d17d858e96c0d85e48a2fc3f623111fb

          SHA512

          1b041f8fcee7b239a17f63ede5c3131fe9fead994b3e67d0479ae1757939883a4b27c4e6ae1b5b2a0b6f8b484d47da3b00bead0ba6539df041ebfd3cf295dd71

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e6d476a54b7875ce8bda3245f79c061a

          SHA1

          6367e2659ca0bbdd0fab47f1cdaa4f1a43f54b2d

          SHA256

          ce0effb2f4604bbaa5ef061c424711a2d3d51fd1ad47e3cd32a978c757357b62

          SHA512

          bf761f358564615cc1d1bb79327ab298c1a8b703fd1f85799dac0602084d6fa0b82a7b83dd2f5dbfe9d319e40ec52ce535bf582a987c75dd86a6c08185b75082

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          ffe74e420eeb248478e5aeb49f74292a

          SHA1

          fc4421636c00abccc40fc242275724eabe465ee4

          SHA256

          d1923f127001602da278919d59f5564e5edc513730870694b5183e51d33b1be1

          SHA512

          a64f0f77d169471edfba1a11467b852dbf9f50cfe5eb22c25245759db2d5b1a6b66febf27ea22e77d49d9637b5d611dbac2b0b779f21586d44b399d7b83e982a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e27235c35cc173e2e55e5c80251067f8

          SHA1

          b51ca9e3f2a126a0a70cff37eb8bbe70b0cf6052

          SHA256

          80dd56efacbf0a0102842be043ad998437e3a55bbb7c5f46308bd03d7f792efa

          SHA512

          0920c7cfc31a16bae79bf30c5608c86dd12c3f0dcf48841a274d7ceb6a284892497f16d5d0f7eb47d69dc8f89db51ee8317e08038c4aaa2c078dad763a04b42c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          25424a420af14dede39cb49177910c9b

          SHA1

          00a9ddaaefb8c72394a3bd3261b68edff37482a9

          SHA256

          046b648cb9beb9f6299c82b592bd3d82c6f057bc33f87873b3bf6a9b2859155e

          SHA512

          702139d14263220580fe92e8ad36dded0c14153455c454fb5ee8c57a528e5acd1d8a7f555e3112792f4c55d38c248f1d7a8522206a4214dd52a8638d968a09f7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          87e787c0b0b0596b5543edec3cda4527

          SHA1

          6c279fae9f2ed7cec02c6f04b21ab3feaeb53075

          SHA256

          d6a82e04dfcb8b4ce48802dac01d8f5cc62c1dcb6645a0818ccc4287b06aa456

          SHA512

          e0793596282e93026ef1396fd15a7008dc1d2e0534b6e4524bc1fdc8ce1689832294d28d8c272ef38f58b1e220da6aab1f508954673ca7f63a6c5fad53bd8253

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          9000316bfed8b9e6d0ebaab739f944ba

          SHA1

          d44645fe9e968116708290c50d6078da3b7afad5

          SHA256

          7d538b0736f58c69b532d714335f21f15bff7e7594c35142d06280b3f7a0fb5a

          SHA512

          bfe6525ec63f83991fbe9e195cbd06207aa8568f5125822d9ec4c8b5c8c06c17f5aa9572364bddab614367ac03b33fa0cecd3a03ff2f399bb6f8e86564405900

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          fdf560f4ab8f1878b9653f78f644ca6d

          SHA1

          4948425ab2eec5539010f2bc2ecd06d62428af4f

          SHA256

          890ebcff351b32b1e10a1184ef50d679beac9540a71724511263f3817ad81f06

          SHA512

          951eb0864fdf43f7255f1eadc2b4d60a46ab73f4c31c148e4a48b9f880430025edff301a10926d2b42a6472fba8bc609a7d3379387912e1499a32305bfdffbaa

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          29c2b76b2aa72139b7dc022920937563

          SHA1

          de27f78eeba5a148f03f8fcfc24f4d2bd82b8182

          SHA256

          eaa29c26a78f72a28c93c28dd6e55a0fa7203ee3689d00ea11bf4da10896bc8b

          SHA512

          f71c6db2c95baf1ef211c293cbe642eef60ae96ae8c93178e94b416d5bd435982293b44ad51dc238f97f9cfc8fd0a81ff39d8566ede3307fe293a5a622222044

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          1a44afffdd05f3b7b2515f0ac2f94c9f

          SHA1

          0fd042e6f6d3ea29e076a9054b56eccdb0e4a3e4

          SHA256

          b32e2543358fff28d3d46eefea4d43fea993f9c6039bea0366b58aca90ae3e6d

          SHA512

          f73a3049743fb2e6482108c263f2d118e1da3f7afa81d5ee6442fb5f7956c7fa879d3c747ecee3b7456cd1c752a8ce0b9dc0c13760d891dfa9f0cd21cd187447

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          32781854c60659c68c6a872fb75f49e7

          SHA1

          794ee35b88fe3abd60e571515089292157a778b0

          SHA256

          42adf2a668f748514a83263b1d7389f1e0beae65b2196de56b61f7f239f9f4dc

          SHA512

          9325ad56de75884a524da6abee9b527f32ef056b2edf393b618a514e9e112f5bb21448b1d6cb0138cbb4fb97c3ec21a56901986a2ec67730e290f81c965ed6e4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          09aea907c74cfd69d8b9cdbafba8d23a

          SHA1

          548fa1638d4644b76c5b5205403dcdc3dffbb2d4

          SHA256

          f6ddb2a0938ecf8c9784a22e4a693d349fb52245abf8fb5e00c41b5d88eed376

          SHA512

          aaf17cfa84622d2d14c9fa36c63706565a2f93c1321b0d4292737cc539b7969465b7f4f25a6ecb1566539a93b055727e37c4b4a185a69689a892e821d64680de

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          dc10334713c0fa102ca40fc427329770

          SHA1

          7fa2db29cd62997b5e4c3d5000162d3ac89d77fd

          SHA256

          d40bc05c94abb156fdb51152e32ad84876e94c539721b3237542d47210ce1469

          SHA512

          f07d386445414f92621b933acf79350a048230bae46407f14c6d47877e15fa012381801275c62e69a0204b705e144c79fa2172339b501e7c8c2d50d2b813ef80

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          b6b216986e4eff4f4209dccc24720e57

          SHA1

          66a6c5589292af1a28f606f80c1cf36c4b22a1d4

          SHA256

          afa8a6a23a36dfef7758bc5891f31440c6888b6a3b70d60f9fdd2acf76f50943

          SHA512

          82f95c062e775a964fc7ff147558e47c1c1789ed9b9f7fef7d98dd21c871cb03b31fa925a7eae9fa5d79c5cc7092bf29c55405e5b9fc8ea02c5a3fa14699c932

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          36c3a2a2873ce4c52a012bb2968b776e

          SHA1

          c0a192a254639f190fbedfb90b2819ec8a475380

          SHA256

          ed4bf7704e54bf3f694ea36803d68583401b78f60e22257509155eba9028a911

          SHA512

          3edcd2d35b6f288f4393ba1c48aa3cb69fca3e5919d01e93b7a321eadfdd3cc60cae273f616b001041fa6ca17869b37f480bf939c226950c9f48e84ebfcfe834

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          242B

          MD5

          19b6c0a8a8f71ffff8c40356a4e32262

          SHA1

          6e8d3a157e02a35709c9a5392ef3ea110840f2c4

          SHA256

          e88cb394768472b3a71a9946e5825a8426da83e6015738c9d7500328abf261dd

          SHA512

          ccbc5ab47993745b82bb56604d3004d3930d38cb2956aafd72eedf3ef4ae00cb3c0b9c16fd91f1b670af78e53fa7493a5fcb084cfb545536bf2400bef565899e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
          Filesize

          4KB

          MD5

          da597791be3b6e732f0bc8b20e38ee62

          SHA1

          1125c45d285c360542027d7554a5c442288974de

          SHA256

          5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

          SHA512

          d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar24B6.tmp
          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          Download Submit

        • memory/2220-0-0x0000000000150000-0x0000000000152000-memory.dmp

          Filesize

          8KB

          Download