Overview

overview

6

Static

static

3

c868b0383c...c8.dll

windows7-x64

6

c868b0383c...c8.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14/03/2024, 10:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c868b0383ce552a03273e2c6c06499c8.dll

  • Size

    159KB

  • MD5

    c868b0383ce552a03273e2c6c06499c8

  • SHA1

    1832561eaa1f88e3bc4af3ae6ebf6dd17ab4f0b0

  • SHA256

    1726f6dfd07a97a658155abd6974ae16bc8c0cf71eeee4b669fd3f5db0de03d2

  • SHA512

    a420d6d87cdbd7979a73003dddd2d0a6dce305b27c6a0d1d6aa49324a7ae6e23575656101d7887ab55ed099b2ef4b3b07a233fa3217b885c43d21427fbebcddc

  • SSDEEP

    3072:HJuzhDjwnoqo6rKiF8rZt3IGQ5Bl+kyq5lGBMy4v5c:HJuzhDjUK88rHfQ5sq5UcG

Score
6/10
adwarepersistencestealer

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies registry class 5 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c868b0383ce552a03273e2c6c06499c8.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2152
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\c868b0383ce552a03273e2c6c06499c8.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:2216

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads