Overview

overview

7

Static

static

3

88fc9afbf2...27.exe

windows7-x64

7

88fc9afbf2...27.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    144s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-02-2024 08:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    88fc9afbf2ce70f9b9b3055f2bf15727.exe

  • Size

    5KB

  • MD5

    88fc9afbf2ce70f9b9b3055f2bf15727

  • SHA1

    3b2af13a2d00f07ec0c098f679db249ecf8c3372

  • SHA256

    9e79b00a152f610e6ceef27e43316621740b946557065c162bcd1e338db8b581

  • SHA512

    111da5f4c53980390ac52facfc71c0a5bd4e60afdbaf9c58252fce2e03e52f59652f2289683040aa81138f3d837c45b11b967bea626cb28b2c8c87990097856e

  • SSDEEP

    48:ZvtTaoUSQ//HL9bIzIZcYFpurFBXVONM8KHHAH7dhNAMoBAX:Z132nHLq8SauXXVIwn47hcK

Score
6/10
adwarestealer

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Runs .reg file with regedit 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\88fc9afbf2ce70f9b9b3055f2bf15727.exe
    "C:\Users\Admin\AppData\Local\Temp\88fc9afbf2ce70f9b9b3055f2bf15727.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4140
    • C:\Windows\SysWOW64\regedit.exe
      regedit -S c:\temp1.reg
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      • Runs .reg file with regedit
      PID:2536
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" %1
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4416
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4416 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2380
    • C:\Windows\SysWOW64\regedit.exe
      regedit -S c:\temp2.reg
      2⤵
      • Modifies registry class
      • Runs .reg file with regedit
      PID:3976
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c c:\temp2.bat
      2⤵
        PID:4076
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c c:\temp1.bat
        2⤵
          PID:2880

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        471B

        MD5

        164c747ec05b351867ac47fb8ac89dcb

        SHA1

        d814dbedc7356af4d274b907692c28baea48dba0

        SHA256

        e675e63c991701c36625eb6ef0d2e009c743f7a6843192f74bd10ac641503181

        SHA512

        895663660c26f74561154925fd7ef4c2ee7e8fe0ad25985f7ed51ceadb476d576450c8c57aa8e8ea350be398b491f0bb5fe54744d7d1e625e4ab97a93b375643

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
        Filesize

        404B

        MD5

        36a4b77667daff3f8d8c904d245271ae

        SHA1

        b4119c1882e423908121919d604b84f7803215de

        SHA256

        abd896483fe58095572268726b54408e5d3fc4d0b0923022a9ea5a5bfa14bbde

        SHA512

        1088b7454b0a1d240675e24f0e4d34a33bff61f39fb4bef2a10e1773e46bbecaa35f6486e1844d80a968246b9ead744a39ba949d7c5d268b5b0f30a2899a987a

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\J6M39GIU\suggestions[1].en-US
        Filesize

        17KB

        MD5

        5a34cb996293fde2cb7a4ac89587393a

        SHA1

        3c96c993500690d1a77873cd62bc639b3a10653f

        SHA256

        c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

        SHA512

        e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

        Download Submit

      • \??\c:\sysdump.dll
        Filesize

        4KB

        MD5

        0f5a93076c263c6bd7dfcaa6ce495b40

        SHA1

        679a41c69e1496aac73db8fd8655a52faa4a82ee

        SHA256

        140e42773f64358720b593129a59d9209a4749185c1f347483b051bc36007d3a

        SHA512

        b0e2d40d67323e27ce129c0eb2eff3ff5cf49271382f0cd01053047a7b00136f0cf15e2349355ed53e92e9a5f608c85d79c41d594683c9a2719de24de7a55568

        Download Submit

      • \??\c:\temp1.bat
        Filesize

        196B

        MD5

        f9d03e7273985febb2e1d4152d7edea5

        SHA1

        cc9548e31d4f924d7350138975b18001241b68bf

        SHA256

        481efba00f8d421c9ad23249ad6052e2831b01da6d7058fc1fd6f19b2faea28c

        SHA512

        7977eadd94bc8a88fa237961542831e3b9f497992fe414d6f81ac4960a06d3a9449130ece49058792b8f5af48cd03b98f88ba1bd65e7e5fe1c450a2e164d0774

        Download Submit

      • \??\c:\temp1.reg
        Filesize

        435B

        MD5

        492eb2c8ff983e87c95ca5a704c6f5b8

        SHA1

        8677a4e0d606a526b1c90f180116dea7a6bcb0de

        SHA256

        9f0388e16d77a4560acfe712ab8a8c6a171c5d369c4134cd3af9bec658bbd431

        SHA512

        ded2c5fa380fcfaa346dcb33a0775cc476ee7f152b0b54ed34b3e97958e200f1f9f01ed546adc2241d2462cfaf39e9e273eaba04cb2efcfbf7085ba9251acd6e

        Download Submit

      • \??\c:\temp2.bat
        Filesize

        84B

        MD5

        b9975d30ddbd098a754312e16f744ec6

        SHA1

        9d41e8816bf8f8aa48356c99af46e64947a0d2ef

        SHA256

        6e4f3dd8bf9469f50bd04878da2bb005a9df85192a5c7428b4477cecbfd4747c

        SHA512

        5bdca7782ebe7a2d919c7c096d0b2e9927c68044a5ca802ce7a43e6d4d62fda7b5d7620a1154e640c9946def1b13539a948a58bf13697f897748dc66e3406c02

        Download Submit

      • \??\c:\temp2.reg
        Filesize

        128B

        MD5

        6fdc273e79d8888a813c762aa55edc39

        SHA1

        a3e72c4eaf143697e3c1a29c8b1c223c121e1d58

        SHA256

        e0eb2406ae229d4df0d3ff5bb8f9bd907aa947b51fdbb6bed1a3238852849f6c

        SHA512

        370125ded5b43b67cfc8f28363086fc9b2c85c6fe53ab1e5e00281cf87292650b2abe7bf9420631ca405f4c7e213bed00c53432329cc5f7d6d1f615a02a1f253

        Download Submit

      • memory/4140-0-0x0000000000400000-0x0000000000404000-memory.dmp

        Filesize

        16KB

        Download

      • memory/4140-10-0x0000000000400000-0x0000000000404000-memory.dmp

        Filesize

        16KB

        Download