Overview

overview

8

Static

static

7

41033e4baa...e0.exe

windows7-x64

8

41033e4baa...e0.exe

windows10-2004-x64

8

$PLUGINSDIR/INetC.dll

windows7-x64

3

$PLUGINSDIR/INetC.dll

windows10-2004-x64

3

$TEMP/BroomSetup.exe

windows7-x64

7

$TEMP/BroomSetup.exe

windows10-2004-x64

7

$TEMP/syncUpd.exe

windows7-x64

8

$TEMP/syncUpd.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05/03/2024, 10:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMP/syncUpd.exe

  • Size

    223KB

  • MD5

    4798812066cbae4409c74a92f61d89be

  • SHA1

    f22ae1face4df9e4ab6445a6e43eedd12c8af868

  • SHA256

    17102324a533f9666f6d2a9a9269807f9b49591a20ff7fd4045c43b432ac0079

  • SHA512

    e55b78580a1aa1ab9e262ddb57ae95759d459ab75db99459882a22f05310e2e53131f05e0f110ed0cf2056b18f8671272eabda5cbd21667cd51be5754e4c3e56

  • SSDEEP

    3072:dlprK266lvWQLu0HAm3RwHRMAbMKjjBSNljGHQJq5JE:z6cuQLu0HuH+i9jjGjnG

Score
8/10
discoveryspywarestealer

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\$TEMP\syncUpd.exe
    "C:\Users\Admin\AppData\Local\Temp\$TEMP\syncUpd.exe"
    1⤵
    • Loads dropped DLL
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    PID:2224

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • \ProgramData\mozglue.dll
    Filesize

    593KB

    MD5

    c8fd9be83bc728cc04beffafc2907fe9

    SHA1

    95ab9f701e0024cedfbd312bcfe4e726744c4f2e

    SHA256

    ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

    SHA512

    fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

    Download Submit

  • \ProgramData\nss3.dll
    Filesize

    1.9MB

    MD5

    71a5d361e7cbc95f01d06ac2ef58e584

    SHA1

    ea86aadbf203be270bcac07c4635d663995f7d8a

    SHA256

    0d9ec42c25e61efe60aadc5feaa5bbbf86185140e60df9b7fd63d56c1aec9048

    SHA512

    ce6fae537f5b260e92755e6c1c185672e2fb2b42e0a972d1b45511059ee3b77c0ae0d075545a91be32ba23961d25747075faf1bdf05767e0b367502b91074931

    Download Submit

  • memory/2224-1-0x0000000001B70000-0x0000000001C70000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2224-2-0x0000000000220000-0x0000000000247000-memory.dmp

    Filesize

    156KB

    Download

  • memory/2224-3-0x0000000000400000-0x0000000001A25000-memory.dmp

    Filesize

    22.1MB

    Download

  • memory/2224-4-0x0000000061E00000-0x0000000061EF3000-memory.dmp

    Filesize

    972KB

    Download

  • memory/2224-42-0x0000000000400000-0x0000000001A25000-memory.dmp

    Filesize

    22.1MB

    Download

  • memory/2224-61-0x0000000001B70000-0x0000000001C70000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2224-66-0x0000000000400000-0x0000000001A25000-memory.dmp

    Filesize

    22.1MB

    Download

  • memory/2224-67-0x0000000001B70000-0x0000000001C70000-memory.dmp

    Filesize

    1024KB

    Download