Overview

overview

7

Static

static

3

d5a147cec0...81.exe

windows7-x64

7

d5a147cec0...81.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    19/03/2024, 08:13

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d5a147cec00012564bc694fbe6cae681.exe

  • Size

    128KB

  • MD5

    d5a147cec00012564bc694fbe6cae681

  • SHA1

    c822101a17bf847545c88ff869b59d8c70fc3170

  • SHA256

    8af1dc7a1a1e92f2eba55cb5219b66e444610207370f7ec388771b9e8cfeedbc

  • SHA512

    46b6b6f30ceefd818c06f3ca1ed9b1ea3525bad60902480b1f120a46d37706b51b151a56a6c339c343f98f231c082509dcee1eef4ab55692c5d44b3bdb0d263c

  • SSDEEP

    3072:EmeDmBqskJZy0rY3tgFvb5PEXjjCp8VQ8a97:E8vxovbki98+

Score
7/10
adwarediscoverystealer

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 64 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d5a147cec00012564bc694fbe6cae681.exe
    "C:\Users\Admin\AppData\Local\Temp\d5a147cec00012564bc694fbe6cae681.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Common Files\PushWare\cpush.dll"
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:2792

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Common Files\PushWare\cpush.dll
          Filesize

          208KB

          MD5

          be1e7c818f04f542760c346ea78d76b6

          SHA1

          313db03d8501eff4f7602a12aa3af9c46fd64187

          SHA256

          eede3ebf90da854bf1dc297361e95ad0c220ccc5eb6e22cf8aea1cef5c6bdfaf

          SHA512

          386b5409b2832bf4b6fd451c6c60b9fec8ee7b0f737307221f758770ac58fb432a19cba7c2247212bba6c7b0cf97eedb275be12ab1c6eed213e6eec36ea770f5

          Download Submit