Analysis

  • max time kernel
    138s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29-01-2024 17:22

General

  • Target

    806d14bf1d2836b244a9dc680419dea2.dll

  • Size

    52KB

  • MD5

    806d14bf1d2836b244a9dc680419dea2

  • SHA1

    35074e4edffd51963bbbe189f462ddbe1d939e7c

  • SHA256

    5bb9b1d8db11df831323a1cbc4b8e0aac7d62f22e395dd174726bd4468425e37

  • SHA512

    ff81f0e6cd18d5ef82449e5d5054915ab8a95246b8d2ce129b0baa3aac0c8e4612e17fecbb91dca4ddd1eb9e65396b0c6c448f252884fa8407fb072d367c0c8f

  • SSDEEP

    1536:oG7iUd/wW9apYef5zn9J/hQJltb/sr+sd1Rn4i:37iGclt/e/61Rx

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules that Internet Explorer loads automatically as plugins. They are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects (Wow6432Node for a 32-bit DLL such as this sample), with the CLSID's InprocServer32 key pointing at the DLL. Because the browser loads them without user interaction, BHO registration is a long-standing persistence and browser-hijacking technique.

  • Program crash 1 IoCs

    The 32-bit regsvr32.exe host (PID 1252) crashed while processing the DLL; the WerFault.exe instances in the process tree (-p 1252) are the crash reporter for that process.

  • Modifies Internet Explorer settings 1 TTPs 10 IoCs
  • Modifies registry class 12 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

    Raised on the 64-bit regsvr32.exe (PID 1388), whose only child in the tree is the SysWOW64 regsvr32.exe it spawns to host a 32-bit (arch:x86) DLL. Writes into a freshly created child are part of normal process creation, so this signature alone is not evidence of injection.
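As an added triage check (an example written for this page, not code from the report or its sandbox), the script below enumerates the BHO registration points described above on a Windows host, resolves each CLSID to its in-process DLL, hashes the DLL and flags any that matches the sample's SHA256. The SHA256 is the one in the report; the registry paths are the standard BHO and COM registration locations; the function name and the "Suspect" heuristic (DLL missing or living under a user-writable Temp/AppData path, as this sample was loaded from) are my own assumptions.

```powershell
# Added example, not part of the sandbox report. Run in an elevated PowerShell session.
# Hash taken from the report's SHA256 field.
$KnownBadSha256 = '5bb9b1d8db11df831323a1cbc4b8e0aac7d62f22e395dd174726bd4468425e37'

# BHO registration points: native 64-bit view, WOW64 view (used by 32-bit DLLs), and per-user.
$BhoKeys = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'Registry::HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

# Assumed helper name. A BHO's CLSID resolves to its DLL via HKCR\CLSID\{guid}\InprocServer32 (default value);
# the Wow6432Node classes view is checked too because a 32-bit DLL registers there.
function Resolve-ClsidServer {
    param([string]$Clsid)
    $candidates = @(
        "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32",
        "Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID\$Clsid\InprocServer32"
    )
    foreach ($k in $candidates) {
        if (Test-Path -LiteralPath $k) {
            $v = (Get-ItemProperty -LiteralPath $k).'(default)'
            if ($v) { return [Environment]::ExpandEnvironmentVariables($v.Trim('"')) }
        }
    }
    return $null
}

$results = foreach ($key in $BhoKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    foreach ($sub in Get-ChildItem -LiteralPath $key) {
        $clsid = $sub.PSChildName           # subkey name is the BHO's CLSID
        $dll   = Resolve-ClsidServer -Clsid $clsid
        $hash  = $null
        if ($dll -and (Test-Path -LiteralPath $dll)) {
            $hash = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash.ToLower()
        }
        [pscustomobject]@{
            Hive    = $key -replace '^Registry::', ''
            CLSID   = $clsid
            DLL     = $dll
            SHA256  = $hash
            Match   = ($hash -eq $KnownBadSha256)
            # Assumed heuristic: a BHO whose DLL is gone or sits under Temp/AppData deserves a second look.
            Suspect = (-not $dll) -or (-not (Test-Path -LiteralPath $dll)) -or ($dll -match '\\AppData\\|\\Temp\\')
        }
    }
}

$results | Format-Table -AutoSize
```

A hash match is a confirmed hit for this sample; a missing DLL or a Temp/AppData path with no match still warrants pulling the file for analysis, since BHO installers are routinely rebuilt with different hashes.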

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\806d14bf1d2836b244a9dc680419dea2.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1388
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\806d14bf1d2836b244a9dc680419dea2.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:1252
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 892
        3⤵
        • Program crash
        PID:4844
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1252 -ip 1252
    1⤵
      PID:3048

Network

MITRE ATT&CK Enterprise v15
