Overview

overview

7

Static

static

3

c7b0a4d4dc...99.exe

windows7-x64

3

c7b0a4d4dc...99.exe

windows10-2004-x64

3

$SYSDIR/Ba...er.scr

windows7-x64

1

$SYSDIR/Ba...er.scr

windows10-2004-x64

1

$TEMP/dospop.exe

windows7-x64

7

$TEMP/dospop.exe

windows10-2004-x64

7

tbu03852/dospop.dll

windows7-x64

6

tbu03852/dospop.dll

windows10-2004-x64

6

tbu03852/options.html

windows7-x64

1

tbu03852/options.html

windows10-2004-x64

1

tbu03852/s...g.html

windows7-x64

1

tbu03852/s...g.html

windows10-2004-x64

1

tbu03852/s...b.html

windows7-x64

1

tbu03852/s...b.html

windows10-2004-x64

1

tbu03852/tbhelper.dll

windows7-x64

1

tbu03852/tbhelper.dll

windows10-2004-x64

1

tbu03852/t...091.js

windows7-x64

1

tbu03852/t...091.js

windows10-2004-x64

1

tbu03852/u...ll.exe

windows7-x64

1

tbu03852/u...ll.exe

windows10-2004-x64

1

tbu03852/update.exe

windows7-x64

1

tbu03852/update.exe

windows10-2004-x64

1

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/03/2024, 04:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMP/dospop.exe

  • Size

    806KB

  • MD5

    067a003a0740da60aaa074f45d5266c5

  • SHA1

    a5016ff1703d63c215da0f331003759f70f33659

  • SHA256

    edb695897f58c9e5533136fa7836216e2463fcaafd1d82dd5e50fa0fd4be471e

  • SHA512

    ae692fc8f5a71d4c189e91bf2d0dc0eea7e7636ebfa911dc76f6cbe69f6f7fb5ed2a497e92de39ad77aab166155a01a4b7ff6f493a63f1639b952431a16d007d

  • SSDEEP

    24576:JlzyMuPssLniF/pnFmXb7R5tdpEpFbI+PXj:D2FziFjmX/R3/C+i

Score
7/10
adwarestealer

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in Program Files directory 14 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 21 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$TEMP\dospop.exe
    "C:\Users\Admin\AppData\Local\Temp\$TEMP\dospop.exe"
    1⤵
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Suspicious use of WriteProcessMemory
    PID:4992
    • C:\Windows\SysWOW64\regsvr32.exe
      C:\Windows\system32\regsvr32 /s "C:\Program Files (x86)\DosPop\DospopToolbar\dospop.dll"
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Modifies Internet Explorer settings
      • Modifies registry class
      PID:4560

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\DosPop\DospopToolbar\basis.xml
    Filesize

    7KB

    MD5

    ddd7fcc20dd29eed331b186b5ca2889d

    SHA1

    f7890c5e84f74890bd36dfac8d6f6912e68bf60e

    SHA256

    c0d0a01a21c19475a5be0b5552e992520da735d86e6a40688b26735d4a7490b5

    SHA512

    b3b8ead777be600f59218d988c80b752a30587f1d298900f97beb32966fde18f72158eae3a0da6be6aaf4b5fb3ba4603cf36a99fe79fbd3bab38e8110c8061b2

    Download Submit

  • C:\Program Files (x86)\DosPop\DospopToolbar\dospop.crc
    Filesize

    223B

    MD5

    ec3733d5ea6c6404204c5bbaae9210e1

    SHA1

    6b70c10e79e29904fee05a76b3852ed4e437fb25

    SHA256

    194c4acf404911afcd0f563659ffcc45f33f249e0e41e8681cc15308d0132903

    SHA512

    3d419529e187c6c93d46e7216cdfe6710f77ba575a0fb42b57efedcc6a41261056bfda1ce17bbb85e9619931d420fb1e111748e6d8359d5b9776f1adaea0cb54

    Download Submit

  • C:\Program Files (x86)\DosPop\DospopToolbar\dospop.dll
    Filesize

    1.9MB

    MD5

    0deb70c3db014f205db40b94fe81770c

    SHA1

    025967f9ab38f52202928adc5978a5288365af1c

    SHA256

    26d458b6a43524972c16c4d54e3b5d615938042ada59228d52b299e1f39f04c4

    SHA512

    a845499e8a763e6be9e5212d6e42d13edffec1ef2a86cefce7f5391d0d444d7de40fe205afbc884c5cd06204b2c49d578302c66cc67f051c63ba90ec6c8ce9ec

    Download Submit

  • C:\Program Files (x86)\DosPop\DospopToolbar\dospop.dll
    Filesize

    960KB

    MD5

    78bd39e11170d08e3b9112553abde2e9

    SHA1

    98f42e150f160ae956438d297d9a834dff380107

    SHA256

    04fa8f78e5ade15f76faf5441af5465bbe853cf9db2a6edd7a9d6825130dbaab

    SHA512

    9514de5a89055e8a6279d874eece09df69d4616c1e3ba5668a9cb0fff675a9327731753394f8a8bc930556b65b4a6e620dffb1581fdb813c2f23eddd72da2bf8

    Download Submit

  • C:\Program Files (x86)\DosPop\DospopToolbar\icons.bmp
    Filesize

    60KB

    MD5

    0540c76a162cf8aea5b333a6e183bdbc

    SHA1

    10650aed77cafd0e0e10a98a67343157abe93652

    SHA256

    6f00271baba262330950c748e67f41f0d2c98d5e0a5ef7cf099d864d7d9891c0

    SHA512

    7acbe3537f07ef6dc4a2dff809b8cc74edbf7d02ee4a75d0f399725d2dda28c5fa1f407495a23301f322e1655cfef83271be05e8062aab022538fddd6b001ee4

    Download Submit

  • C:\Program Files (x86)\DosPop\DospopToolbar\logo16.bmp
    Filesize

    6KB

    MD5

    ecf6053084c253b4ecb999b77fd5e7fb

    SHA1

    fe7359187bd92e1e9312789a7c9ca1df08947c26

    SHA256

    4d502980795f580774e0904c22cef73aaf81eef9858e67e05d0ef10b74c62105

    SHA512

    7a86d529bf6eca3daaa428fbc7d0dbac20cf30261f2ab1495532cf52087209eb712734fa90d23e063bb3a8e833d90c827fc920cc6785fc19951b5c883fa93f3f

    Download Submit

  • C:\Program Files (x86)\DosPop\DospopToolbar\options.html
    Filesize

    6KB

    MD5

    adc6e16ce6e97bd1eb19d3a8dad7274f

    SHA1

    12b55eab3225b2250ba051803f7d791db59a46a1

    SHA256

    29e525a91d8ac4ec6bb2fa299a404d9f151b45400c7cab09675a23469373435b

    SHA512

    2c4bc233ae8741fe0a6995845aa88d707b347cfc78745fefac346ce27ddd5b799dd374bbba15516f6e61348f52720be3639cf0cd925a599250a9947a33ab7103

    Download Submit

  • C:\Program Files (x86)\DosPop\DospopToolbar\static_img.html
    Filesize

    503B

    MD5

    2caff3519f5be538757c467d4fec4756

    SHA1

    7e77344f049d9ee4d216b6f412c01ba28596773c

    SHA256

    e94503ad0ea2a4f7002ba70f57e12da9daabb5037b6bedc7725d1fc43a487415

    SHA512

    029814dd117053d03acc6c0cb1af2802256149c6a3588cd41334deeffad6095dc16386887e2053f288b13a5ebd3599cbf9c55c194fde81f3df77045d2609a467

    Download Submit

  • C:\Program Files (x86)\DosPop\DospopToolbar\static_pub.html
    Filesize

    599B

    MD5

    0bf3de7de6f6a9ece7674fb245c7e428

    SHA1

    a71d601820676d5741734e825c7347d59570bc98

    SHA256

    29101ddb9fc880b921c78a8aa0952310ccf0fe4eb03479425500fc2e779d4b2b

    SHA512

    30dc0cf67d772a79dec244882f24c4a6ad71a3139b1b92d6e059f1e677ef138596e71c7bf12c2283b591ad64744b9abd15895fa29c4a600f64c784423bc270b2

    Download Submit

  • C:\Program Files (x86)\DosPop\DospopToolbar\tbhelper.dll
    Filesize

    264KB

    MD5

    6523c75dd567975134798fd13a6644f1

    SHA1

    0a6654a666caee2af6c5eb012147a36a98001bfa

    SHA256

    ef5590a49f28958e862c2eacbb59896541f295c62536030fca79938dc8ecab46

    SHA512

    1788b8f7b1a6fae2d09871f03d89654f5fd428e42c96d682765d032864a65829c7998baba8c698896b2218efdbe9c4ee7eea5e90755f9e3d913229631267bbc4

    Download Submit

  • C:\Program Files (x86)\DosPop\DospopToolbar\tbhelper.dll
    Filesize

    108KB

    MD5

    15871f074881255376cdf2f078af831a

    SHA1

    31e866244371656eaadef2ff7ce11c1465f7ef99

    SHA256

    3a829493369daaf93c686622fc06b464564921fbd7b500479cfc606a50b86b42

    SHA512

    35e699a1c45e463f0265d669b9c330264c04ec3d364dec64d441c75e0549269307edad0d4942d42e8fe5450c53051f4ac4077a16846143367974a04c5da17be6

    Download Submit

  • C:\Program Files (x86)\DosPop\DospopToolbar\tbhelper.dll
    Filesize

    91KB

    MD5

    e056baaedf87db7315f4e4dc43db2878

    SHA1

    28bbb504fa670667b48de7334d441512a1c30281

    SHA256

    b0ee9f2c7e69ff92d4356cb1fe32742098e977fed509d2fb11a475dfa18b273c

    SHA512

    bc9e905aaaa34edfc0085ca1dfe2fc18cc61d3e4c0ba0d56e43b32a2bd833c26913937bcda0f130e9bfa94ea7fd5e95105ef1287dd845fbe25820fdace60910e

    Download Submit

  • C:\Program Files (x86)\DosPop\DospopToolbar\tbhelper.dll
    Filesize

    316KB

    MD5

    8285d06c80bb289d22d7c67c4df2d51c

    SHA1

    0aa83342fd5d23de18fb5da4c4405ddc5b13d75f

    SHA256

    d5df73f377bb5113a5e1c4f7872db6ec4753568a1dadf8d5d09798ac9038ad29

    SHA512

    8de26c47bbcf0ea1dcab869ac21eb6d13751a913903a179fbd3ad8f30f0429b15c60af53c68b2661a7adb34a310ba7d91281da34f0ddfe595c409e11c0f34775

    Download Submit

  • C:\Program Files (x86)\DosPop\DospopToolbar\tbs_include_script_008091.js
    Filesize

    2KB

    MD5

    b734be75b8963660abfa7412095c7a82

    SHA1

    6091ffb358b2596d53f4e74e09da01326258dce8

    SHA256

    078d1eadf0733de055e1ca4ff03bdab7203a66823e9cb4d5a8539d84276759a5

    SHA512

    1bd848ab95724bf8b7c6dc2e91a066a85c0d6239c16c3e548cfaa7a6e57c62e432b820b7503e998bc205d9153ec28c7e590610b8f4481e28b2ef6df35f14cf68

    Download Submit

  • C:\Program Files (x86)\DosPop\DospopToolbar\toolbar-logo-dospop.bmp
    Filesize

    2KB

    MD5

    de7f84d3713c0e55ee2f584345647504

    SHA1

    8903bf45c1993fc2df3313e89971b4cba2ba9239

    SHA256

    759282b69a5a1c30a01e0ef7c19a2eb59955e33f0caa0b066e418ef54f5c5884

    SHA512

    96c820d6caf2385faf18aaeaffe743846e158b1e2eabdeb53ec9dafda3fa86ee30f070f7c8e65bd1a0325e6d6fffcfafec175dad07f0dee0f6fcb2660133a193

    Download Submit

  • C:\Program Files (x86)\DosPop\DospopToolbar\uninstall.exe
    Filesize

    48KB

    MD5

    652d9d1fc071f90c3e0adb8d79d7ade2

    SHA1

    b63b34d5b3f2d5b75b0b5ff3290752ae1cf3a68a

    SHA256

    7c30673fde7090d6f74623d9bf99e1b2f9661ec94d21d3c2ffb80e1c56d60891

    SHA512

    410d3c2ce92e5db4c12c46d399e88dac97be784f2b50946e40ba1689a524542e6220864d35d625c3cbb104e20ee351362dbb100423224d319fa62add5c3fa1ae

    Download Submit

  • C:\Program Files (x86)\DosPop\DospopToolbar\update.exe
    Filesize

    76KB

    MD5

    c050609bcf90684099902c043661e739

    SHA1

    e471468f128e3f8899d53f54f0fd64561a297210

    SHA256

    3751b8982c25d16aee9bc7dd5e22c83f323c8c68780012773612778f20279af8

    SHA512

    2e199a074fbef486518949bd57da18b7b221eb1d9d391c30d7ee73817e2d514438d25ed46f2ab68f79f0645013df5fd35100eebc805bea3830aa7b1cfb8d9846

    Download Submit

  • C:\Program Files (x86)\DosPop\DospopToolbar\version.txt
    Filesize

    49B

    MD5

    f1610ba6a619c1703c4dd4ea1c8d71e5

    SHA1

    539d1b8b903d98bd9abaf232b4c2f370ac1e9e81

    SHA256

    0f85f776d85b5ee164a43c166dab525625655bd42b6c0503fa8d36fb702df666

    SHA512

    de5058badc73c1e267e24d7cd18e2c1207337d78185bcd17c4e1ab1131e30f4df5c051cceb748966fd4a8a6b8b2f1d11e2ced29bf5c5ca8404e3f5da5d2d438e

    Download Submit

  • memory/4560-44-0x0000000002E30000-0x0000000002E83000-memory.dmp

    Filesize

    332KB

    Download