Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/02/2024, 18:53

General

  • Target

    ac9a482577010a4201bac118bafbc66b.dll

  • Size

    63KB

  • MD5

    ac9a482577010a4201bac118bafbc66b

  • SHA1

    3faa19adcc8f9f3d561dd5d0a4ec3fc4dc21f931

  • SHA256

    c04b665bd6d39f249d8b118f3b12611be711f72bfdd6b96e4ad899d75938330d

  • SHA512

    0c93bd9cec8b2c02235088312513594efe96a2fa294f705cf19d5f7a45dacaf07f6d447f88d8ae59950b2e935069c3bb22a58c3f959fae4c98e0ecd448da99ca

  • SSDEEP

    768:nHpI5EBmwLXHN6RRHHdB+BmHY97o014/89GH4X6Mgd90YQFO6ZXsSKhAUlxSoLs:nJIMlt6RRdOm214/hVh4KhHnZ4

Score
7/10

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Modifies registry class 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe (depth 1)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac9a482577010a4201bac118bafbc66b.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:2480
    • C:\Windows\SysWOW64\rundll32.exe (depth 2, child of PID 2480)
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac9a482577010a4201bac118bafbc66b.dll,#1
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:4692

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4692-0-0x0000000010000000-0x000000001002B000-memory.dmp

    Filesize

    172KB