Overview

overview

8

Static

static

3

03ebf155a9...d9.dll

windows7-x64

8

03ebf155a9...d9.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/03/2024, 20:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    03ebf155a9d69b37527ec01c470ec35a4b961bf8b8c3986553ec089b96c7edd9.dll

  • Size

    52KB

  • MD5

    d4d400c425a545de65a71aaf1cfe8da3

  • SHA1

    cf34d7b747c3958618256428aaf4c43024b1894d

  • SHA256

    03ebf155a9d69b37527ec01c470ec35a4b961bf8b8c3986553ec089b96c7edd9

  • SHA512

    ab8318c6517defbc6c8a74fe913dd36a0ff4b21f6aa3ff98415b5ed1e6d331f9e760c1d6940eedf25f4bc4d3878fe57f2601442d445cb815f5ba061d3c4f8d6b

  • SSDEEP

    768:M5I2YmPqG2AHzZ71HBpK5gNvSLMkl5BhffcnYg/cQi4W394NmCpp20sd:AYUnzK5cvSYOBhf0nYUcAw+NFn2

Score
8/10
adwarestealer

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies Internet Explorer settings 1 TTPs 13 IoCs
    adwarespyware
  • Modifies registry class 11 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\03ebf155a9d69b37527ec01c470ec35a4b961bf8b8c3986553ec089b96c7edd9.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1620
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\03ebf155a9d69b37527ec01c470ec35a4b961bf8b8c3986553ec089b96c7edd9.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1980
      • C:\Windows\SysWOW64\rundll32.exe
        C:\Windows\system32\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\03ebf155a9d69b37527ec01c470ec35a4b961bf8b8c3986553ec089b96c7edd9.dll",DllGetObjectType
        3⤵
        • Blocklisted process makes network request
        PID:2628

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads