Analysis

  • max time kernel
    149s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-03-2024 13:18

General

  • Target

    dbb8a830f9288e1a268901c7867b3536.exe

  • Size

    14.2MB

  • MD5

    dbb8a830f9288e1a268901c7867b3536

  • SHA1

    18052820e7221bb5cd44898665fb2bafa7189b4b

  • SHA256

    bab1c0bac0b402b44d52b9b1be9f102995db318bcd1fa07f507ccbe8d3785bef

  • SHA512

    154990cb81585ba14ee553ce2d490e55b7a82645b0bbf0e6369589353bd8e39e726e27925e31238f1eea85d17b7abcbb3b423450dfc87cb3c97569b9303c3bc6

  • SSDEEP

    12288:9Tvdddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd6:5q

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
  • Modifies Installed Components in the registry 2 TTPs 8 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory 10 IoCs
  • Modifies Control Panel 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
  • Modifies registry class 9 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 44 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dbb8a830f9288e1a268901c7867b3536.exe
    "C:\Users\Admin\AppData\Local\Temp\dbb8a830f9288e1a268901c7867b3536.exe"
    1⤵
    • Adds policy Run key to start application
    • Modifies Installed Components in the registry
    • Adds Run key to start application
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • Modifies Control Panel
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2196
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2712
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2712 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2920

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    72ee679ba76527ca0720235ffff77c53

    SHA1

    254b15bdc167be23fb6021841d31dc6834cc6abb

    SHA256

    f316b26d4af6da4285a65ff1d2c56908a2cfb18d7fb961be2e4afea5534a5fb5

    SHA512

    b141cb30c016a87384af068f3dbc26400b3aba36027a31aa787345ca83b27b2508a0fcec172138cbeb98c4b0579e5c4edfeb56470a79dc473bd6f25e267ac190

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    62275b8a095040767f9ef79fe6d591e8

    SHA1

    a8946f90dd30a3833b699a988e66ae69220def9b

    SHA256

    0c2649355a3788797abea529f8a4a1dd74f90cb9ea439e9b79e8c88661085078

    SHA512

    0fc867f56878218f029bcbba7c32b85afcb649a5b0d5b8b6d4be77410ff8a08088aebc51c4c275d478bbb5e8f1a46a314b17781a4a88dddc567bd68b740b8624

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e355651912979f2d24d8935ee11c414b

    SHA1

    1f6c5c53369feba7416a2b5b5552ddd5f42cfe06

    SHA256

    6f47c37941b25c41675894d67e8cff918dcd41bbdffa20d54b040624e590314c

    SHA512

    54982aec39f8775d7abf08d3c5faa4f59e809fdcf74584154aac80a8c8b9a9d1ce1660a3ad6a16313ed2f34010bd84062747c22124d5e745b31b4316aa86bf52

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2fbcec192cadd6d54d5b80bef1271986

    SHA1

    706516093e6b143388d8499cc97c6deb506a5280

    SHA256

    3c94f9393cb0c9c667e720600c4d17087b55dae5db8c0d9368b0779544f79210

    SHA512

    22818d2516dd50e7e4f3283a85646adce6a16ff20f7f3e8f306a7318ba7edba3e88d014ff1b834ec505acae2e55e0cf2f1920227a184ffdc071c24739c94ba8e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2fbe1b1da3f171fd24a18443a40ef21b

    SHA1

    b1adb2aaff0b6ec46f80ef3f98ecfa189cf2c792

    SHA256

    67f892932ae368aed88e6b056213c56a97198efe3f9ef0110b3ec91b47ac8250

    SHA512

    2c9bc9e768e2471fe16800e1390a886711c68961ace58088aebc0200135a0e3538aa6f16345ee53f8fcdf6737079d89deb7a6ddf3a931ee3de9b5564a33421af

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    73ca81ffbeb9bcaadae68bbd0af78f53

    SHA1

    4312fb09b152955bc642696779df7e8282eca02f

    SHA256

    aa9317c8b863d7d36158fe1adfe309b43eec5bc7982970829f96633d57076930

    SHA512

    9f3342d9876e91dfa55aa54c84f50909b4ff18f25587119cf47adbb0f5e89efa2542ca60af4aef6b365b8e6259470627644f82c32b7c29581f0d27ccb1efaed0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    79f4f9daf13fa7634e0752b306ba9be1

    SHA1

    748306acdbbef52dd33eeaf2fc784195973de078

    SHA256

    47711196b13e92ef5113e8ab93212258d38c3e93f0be5f4f13babf1c7cc65c22

    SHA512

    c2a76ec212fb9d646930e00ed33582065ee6117d77f6faf84eeba0441338cb7bd17804f132a75b937daef671a40a064ce3518d329a6464b4f06075dd21ac4a2b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0bddc71be663b508ed423cf91f748583

    SHA1

    d43d18c4aa087fbe2bd7f1f227dc95118f5faa19

    SHA256

    8d9e6ebe205c701e91884d8d816db7f0aed0c929d82c771f8f81c1e1d53c95d7

    SHA512

    20fd9ed525ff022626d4245b7346eb981d14ffae1cb5134121c2381902efb09a3e56422377161dfc82fdb18f4d7a2a08e825d01bff973df5276fad10b309866a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0596c83010524a4205b80cf4080ac5d5

    SHA1

    ee92bc69a45e8fb03d6f807d227e8139179eb1c3

    SHA256

    bce268c71b407115130471d206f737d24b889eb25fe601891e851c2aa2c3b41d

    SHA512

    16470e42ccf76ffaea0344c759230bccec1d79b95ef7685ca8b8898e5a4eea71e0dd7c8686f8fd1e8b4cf3a391f0db8023303b53d73d400423e73f12967c00b6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    56a75a99ceac194b7beb5fba7f674c66

    SHA1

    85a6eb91c5e9ad40eab8585a5f5666e295a8d6d0

    SHA256

    43d93f322648a9d0c82829470dfd24eacaed3bed1105af69fa99d1c633f69957

    SHA512

    43665c3aa2169c64939361c43ecf41acc8d8423250bddde51fa24f29db6645064ad8e7e71fcdaea61b569b9949799a0c3a0040420acca1096d960b1301c92873

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9cfc7163462c52f358d1e7388e21d996

    SHA1

    cda83310b6cd7ae12e21c5c50bd52bee71cb4b72

    SHA256

    ff369108e29a5b4ee414e0708f82aeace5be8eaf71f0f5ca0b46526479835af0

    SHA512

    0591c4ed4744ab13bd11453b20cde9c86d3ad6338a3817edd67f13a329636f97a8c49909ba2a8671f86b431e11a282f72c2beb3fc03efdee69f379cf79c31c9c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9d7da008b3302d3f4850125a7c85cc34

    SHA1

    0516b2aa5e1e04b7b2ae8cc4fdfc884a35925609

    SHA256

    a9eb55a026370e4a50ca968615aaf7f04fbe319ed8f0d6721c8fcf14bde44804

    SHA512

    f27baad409fafe0655e64469638079cbd2187609e380517c2dd02302adfebc4d8be23110e2f9ac1766e6afffdd97d20e408eeed9b09224a4fd09ede62e97e486

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d58090abad8c6f07f678d7476c3cc3aa

    SHA1

    59df2bf9560d8453bc787d9bfb2556143ddb26b3

    SHA256

    dec8fe403507d6dd7dcdb01965efa19be2f143fa51fd93153f2cd8e5ce6c7edf

    SHA512

    b0b7497e2dfa56943b047b35a2c944d8cf3a97c092bdac2636ae41879a2a6be12e34ac5d63d4d6d0e55e065a39217010fded675664a722c4785cf71fb540fd81

  • C:\Users\Admin\AppData\Local\Temp\CabD59A.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\TarD737.tmp

    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

  • C:\Windows\SysWOW64\poolpdbpptp.exe

    Filesize

    14.4MB

    MD5

    d2e345b3340e1404b0027f561ed8581a

    SHA1

    2ac5df8424b4726f221361702c193862dc986cff

    SHA256

    3367db7f8c1bd6ac90e23b4017290969379725c0f46c7bc9ed248f87f67fe0f4

    SHA512

    37b1c3e901581f88ecee45d7e3bb5f6f1769ad3f25ddc7bf6c428012ac3b8db6f08c3eb2c7ad5cc73433779c20c34ea9358bd494e58a92c3a78ca61cb19d7623

  • C:\Windows\SysWOW64\procinfoip.ocx

    Filesize

    4KB

    MD5

    97c92f4457dd94d678d4c9e4bdd8352f

    SHA1

    8d80f3cead2b0c5b2b80feb548131daf4d33297d

    SHA256

    eed7377eb708d163ad0e8c50ef40d8ea8d15124832904ac1318a3fd10728ffd3

    SHA512

    f07bc6be6a70ee28c5dddfcc036c6f3c17abc89f1240a688519c2d39a3012016b13689577dd62f2391153f837cbed5ed127568f14523ac0d6b33c516e0f51e75

  • memory/2196-0-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

  • memory/2196-4-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

  • memory/2196-505-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

  • memory/2196-12-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

  • memory/2196-14-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

  • memory/2196-21-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

  • memory/2196-22-0x00000000004C0000-0x00000000004C2000-memory.dmp

    Filesize

    8KB