Analysis

  • max time kernel
    131s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
  • submitted
    02/02/2024, 21:29

General

  • Target

    8a941b3741b3b84f032df3fa8df05f38.dll

  • Size

    473KB

  • MD5

    8a941b3741b3b84f032df3fa8df05f38

  • SHA1

    709f907993134a655d996978a9e800f4168de1c4

  • SHA256

    86478dde55423ea79373c7717db21ed3f16998b88d4c2f14c029b0e4f05e8a2a

  • SHA512

    8fa577f4217816fc86fdbff9a052473a8de43cccaedbb81ccd26b2b187908dcee6416f191a2671b9617b61e40a00f113b3377af5f82366967f4f0c6daf4ec592

  • SSDEEP

    12288:KEyS9OOCHzSCcVflpCLPnLTeeeAlj6o4A:k/HuCcZHCLLTq4f4A

Malware Config

Signatures

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Installs/modifies Browser Helper Object (2 TTPs, 2 IoCs)

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Modifies Internet Explorer settings (1 TTP, 35 IoCs)
  • Modifies registry class (5 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (11 IoCs)

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8a941b3741b3b84f032df3fa8df05f38.dll
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\8a941b3741b3b84f032df3fa8df05f38.dll
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:1616
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2860
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2732

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (listed 19 times with differing hashes, 344B each)
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIEDGG3E\errorPageStrings[2] (2KB)
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIEDGG3E\httpErrorPagesScripts[1] (8KB)
        • C:\Users\Admin\AppData\Local\Temp\Cab342C.tmp (65KB)
        • C:\Users\Admin\AppData\Local\Temp\Tar34CC.tmp (171KB)
        • memory/1616-0-0x0000000000300000-0x0000000000302000-memory.dmp (8KB)