Overview

overview

8

Static

static

7

7df365fd72...18.exe

windows7-x64

8

7df365fd72...18.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    28-01-2024 20:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7df365fd721d0afe14921c46b7cc7f18.exe

  • Size

    19KB

  • MD5

    7df365fd721d0afe14921c46b7cc7f18

  • SHA1

    3a1db3ec7c1f88aa10b97bcfc05eda3e49ac42f3

  • SHA256

    f9f0f56bc391706dc7df7bf9f68643483f0429af9c9616f1784b4cc7eaf6d7e6

  • SHA512

    5283faa4d86d2610d4ec8b2a0bcc3813415d3ab79f183a7f7923c8642c716c8f94861d10579f4d0e3a8a2fb551099b3ef96e65515e508e4268db0e3a01b2be7a

  • SSDEEP

    384:MTXkLYWqvxnLelXLjXVwCD4VV3sf3eke8iykT+NiCv6saNJawcudoD7UQ:HMvBLeFL5wY4VV8fu73L8iCSlnbcuyDY

Score
8/10
adwarepersistencestealerupx

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies Internet Explorer settings 1 TTPs 11 IoCs
    adwarespyware
  • Modifies registry class 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7df365fd721d0afe14921c46b7cc7f18.exe
    "C:\Users\Admin\AppData\Local\Temp\7df365fd721d0afe14921c46b7cc7f18.exe"
    1⤵
    • Adds policy Run key to start application
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2972
    • C:\Users\Admin\AppData\Local\Temp\sbsm.exe
      C:\Users\Admin\AppData\Local\Temp\sbsm.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2488

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\sbmdl.dll
    Filesize

    10KB

    MD5

    e2695d814a34633f14f4fc39d0262298

    SHA1

    c98429e44969912c5104bcc203efe89b7d0dcd05

    SHA256

    e3661798b1f3425f8948b2f03334ac5a121b408e1103ca58d252b39c916649dd

    SHA512

    728db69916b16b6e14263a24fcea14b196d4583c0a31cf7cf970ff5fe3dbbda8aa4c75d96038af416b567e384db55c1d390ccedc3f3c881630d0d0613da2b14c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\sbsm.exe
    Filesize

    5KB

    MD5

    20c0807b8cd18e71448a45e3a381193b

    SHA1

    1cb67d5940162f2df65f9a883e75152968fa68f1

    SHA256

    62531b6ef0db8378cf9339a9ce1df786903ada5a95418490de2b875d486971dd

    SHA512

    31b7e9b22c002eca1e8d89c00f70859970974a3a8daf9ba45d7088a13a71e2a31de9ec79533eeaf5652b9d60b99f79d38cb298aa1dc3e8af0ce29c0a74003cf9

    Download Submit

  • memory/2972-0-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2972-4-0x0000000010000000-0x000000001000B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2972-13-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2972-15-0x0000000010000000-0x000000001000B000-memory.dmp

    Filesize

    44KB

    Download