Overview

overview

6

Static

static

3

b793b61c3a...ba.dll

windows7-x64

6

b793b61c3a...ba.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    121s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    06-03-2024 14:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b793b61c3a66f339c8bc0d0a8e66ceba.dll

  • Size

    384KB

  • MD5

    b793b61c3a66f339c8bc0d0a8e66ceba

  • SHA1

    4d47496e02d2630405dba576cb12cc3f7542eb1c

  • SHA256

    438c59e69ec57b75f858bd57e5cf4cbf3ae1be44e6e78615a380491808656704

  • SHA512

    5a463047647f602355aae7f255e025d7d74883b631aee6fbac8608dc98d3eeb08db07fecab24f4d729cb5b266a6fe5e72e9f2b43f084c95f9fdddc93e9aa738e

  • SSDEEP

    12288:8rCX+Fa0NluoULy7W7xQpSQtOV4Z55VCQUM:8Y+FamuRLypTWIVCQU

Score
6/10
adwarepersistencestealer

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b793b61c3a66f339c8bc0d0a8e66ceba.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3016
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\b793b61c3a66f339c8bc0d0a8e66ceba.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:1796
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1544
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1544 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2564

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ea82cf5c5e438330d2e1186614a5c21c

    SHA1

    29c00b47eff59b084c69950c4715ab160d5de8b9

    SHA256

    1b115efa0d2d2daf366e628854f0c1a37cfaf70c66f3134896e14786b29115bd

    SHA512

    ea61b4f2eeda05588bb012a24915b720973ee1fe654243bbd3f5778bdd3d114cd8aa5a1a0b8095e661915f6cea298563d3a73d4c1b2a30bba78a988fe0ba73b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2ab68ab27924d6cdde61977d349dfcc3

    SHA1

    8ef912048c806bb784d98e7621e409c29f047559

    SHA256

    569b06350e324847a1a0ce6b0867afce493e74e2055343b04529182e9771b456

    SHA512

    2f4635c1a52a1febcc93d59acb05478c61b584353c6dfabf2b27a0db60fcd97138bae347a3ccbc537f9fd1167d03578c2a55ba1cca7f97b7c821efc8d5d0fc35

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    14989c03ff5d86e7196d29de7338dcac

    SHA1

    05ac48c8b5cf97fe4d78fff3418136608ed17aba

    SHA256

    74475b67a8b5aed25b12d5dccb1f554322d8f7a6a568d40c7d8462bf8a0f5673

    SHA512

    9d1ea7cccb8438732bc7a036a5f864d6887dd987230f62ac770fe3781346cc0dea6a9801613395fcbf5cdac6dee78918e206ac7c66ac60364eb6b81f4467f456

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    19c3b7584b0d05f88a4f13773a44a0b8

    SHA1

    081f26ae1451be71e46cc13c9da7450da6c55964

    SHA256

    bc448b49e938e171fc76946e1ed5c25f9d0cd5b05d0ee8359544aefcb0010fc1

    SHA512

    592b14d8373af1208ad57f53dbf1bd59b3622d13fdc003e4d7ae298589dc58859de51495ef20153c5417e78f56163e2191f81d3e0fd53f40a5cd38ac0e7fefe9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    af22efa78d5c92eb65cc0881d7766e07

    SHA1

    7607df156c217aa2c256341a2e78d83023b865bd

    SHA256

    c606ff0c9d20ac12be6fa2ae7afa51a5d2ab732e170cd2a6883fd1150fb1c0d3

    SHA512

    51fdd32c95db9105438f0ee75fcc8e2a7564340e53e87c38edec1a7a09e1d2b64bd4b9005c2e8ed6d6c1f298c62d9117506ab57f8e35e475a9c408fae084c2d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c422f981ccde8f230ba84bb6480a9cfd

    SHA1

    9803cb65987ec725c7acff7bffb20b9a1d64700e

    SHA256

    f4da23e1c80ff7be084413141d407e6cd6677c9264f79d4cc481f8eaafe248a0

    SHA512

    5bdb78274e857595810e442d6a7decc15e0d8201cfac3fd1b510884ec6f5604a4eed0ee2e271f492124140cbf752ed72937ffd2beec05d3069fcd6a97f20498b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f7b46e7f34514b880b0ffbc30f7f516f

    SHA1

    99c90346749694ee4c3c08a469d8ddb0d4edff2f

    SHA256

    62a0c2418c76d03846e17cfeb5c9e277f2e6530f4823e2a7faac00a5e25ea5aa

    SHA512

    22645b0f183f48fbcea906423e69e2945d1e4ced423a61990905c620733cbcd074489a855324df09fc2fe10c86e6337e4dfbaea8d3c9d4e2ab2a0eae163a5d12

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3DAD.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar40C2.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • memory/1796-0-0x00000000004F0000-0x00000000004F2000-memory.dmp

    Filesize

    8KB

    Download