Overview

overview

7

Static

static

3

8fa3d0be26...8e.exe

windows7-x64

7

8fa3d0be26...8e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04/02/2024, 16:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8fa3d0be26fb0078bea9668053a2278e.exe

  • Size

    1008KB

  • MD5

    8fa3d0be26fb0078bea9668053a2278e

  • SHA1

    9f7a61325107bff5f2ac2dc5e9086ec618d970bf

  • SHA256

    2eeb0679d6f277074cd115ea462c110c56c68134027330097f3b5c5a3237a959

  • SHA512

    51ce166d7b00dfd03e8a6735ea9489f6efc79f397e109e91ff980fa49bc864cf41841aaf1882d938ad5f52841ab06376097efe5e1545d83f0339776ade93ce03

  • SSDEEP

    12288:sc4+Lnk67JtN5M9UeGFpNFQfQ+1XNyDTzA8GrSHEU3cRuwjQKd9NIXRHQMDhbnxF:pdDxofGYfQ+9EnBGrSkVu102RHQkhbn

Score
7/10
adwarestealer

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Modifies registry class 16 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8fa3d0be26fb0078bea9668053a2278e.exe
    "C:\Users\Admin\AppData\Local\Temp\8fa3d0be26fb0078bea9668053a2278e.exe"
    1⤵
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies Internet Explorer start page
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1888
    • C:\Windows\SysWOW64\Regsvr32.exe
      Regsvr32.exe /s C:\PROGRA~1\fx678Toolbar\fx678Toolbar.dll
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:2848
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\DelTemp.bat" "
      2⤵
      • Deletes itself
      PID:2856

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~1\fx678Toolbar\fx678Toolbar.dll
    Filesize

    574KB

    MD5

    923512e3c24ab8c1bae00c8651517f62

    SHA1

    4946a5ac59527f210f9bb63584d2b75935304653

    SHA256

    531ab7f4453e2807d9bcd242dc5f8d94780499932b14c10b6009c36d9dec4f21

    SHA512

    2ef5bfea63e515598d30bf128acda0713fdf2e32f10003b97a9d719cd2cb1494ac5f91983b69099178c6b4593e689738d47aa277aa55a3f59f0b35d649d6ba67

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DelTemp.bat
    Filesize

    123B

    MD5

    b12493931e5294e78df99889cf3ab3ce

    SHA1

    d7da714fb97888d8a8cac64e220e410c380d461e

    SHA256

    661eada4df31a24144e47949d7c3e9406a06b9339af09d64912dce199373d02e

    SHA512

    7089e09c695c6901886bca32104d1c67e65572489fa63f60ca99a14b29dd41675871c3a31249bcf109f7fc3640dc9b39027f1132820923d9a2bc7cecad9b1f05

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\¹ºÎïÉ̳Ç.url
    Filesize

    111B

    MD5

    00a09a89ff80e65454523f88732eec7c

    SHA1

    1c9b57277a8338795dbbdd2b5182798450ef6428

    SHA256

    067f313a60f40cf3523f0cef5a35fb34b72f0fa05e65b1746bddc9e050a1f121

    SHA512

    c775172e5dc0326916e39dbedd1494a83e83be48782915976b52b9286d08249a2080ca610a1c200666bf84fc576b683ebd2f7c57829adbf02b690fc59d51d4d7

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Æô¶¯ Internet Explorer ä¯ÀÀÆ÷.url
    Filesize

    103B

    MD5

    534bb0175e95a0aae130995e507d5e05

    SHA1

    295077632d9815e4af4c30718f4534133a45b5b5

    SHA256

    cfa730e16a89744189ce9f198e27843c1063fbce23722e73f7e72dca23221ead

    SHA512

    df7ce3ee1c8ae3b8b2142e5929b4ab4b3a4c0a5dfab030baa26b18f0d81a310a3b48664ae148dfd02f4aa6d07d37c625ae29571c361997e88fe03323cfbdbf51

    Download Submit

  • memory/1888-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1888-33-0x0000000000400000-0x0000000000501000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2848-23-0x00000000001E0000-0x0000000000274000-memory.dmp

    Filesize

    592KB

    Download