Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21-03-2024 15:37

General

  • Target

    dbfc4cc4faf88548b3b1499ba78a324d.exe

  • Size

    5KB

  • MD5

    dbfc4cc4faf88548b3b1499ba78a324d

  • SHA1

    ab4b4ebf19e75b8d6281797175a8ba976fc05207

  • SHA256

    1f135eeca52d2f7094f4caeada87fdf09e66227f0afc04a53ffb5ac498ed0e63

  • SHA512

    c8af9c5c7923040ed1b5b7049b3710d6039a6635949e21aa4457b7b308ef2cd3fcd6b3f7bf83606846b640f26b6a507a3aafa4c35c1c3a15e4e71b4988217262

  • SSDEEP

    48:ZvtH9UKeRob1+HDlIzIZNRJmFCKB/x8HHAH7dhNAMoBAX:Z1deRoIHq8nRJmFCKB+n47hcK

Score
6/10

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are in-process COM DLLs that Internet Explorer loads into every browser process at start-up, giving them full access to the pages, form data and requests the browser handles. They are registered by CLSID under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects, with the DLL path in that CLSID's InProcServer32 key, which is why this signature appears here alongside "Modifies registry class" and the silent regedit import.

  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
  • Modifies registry class 5 IoCs
  • Runs .reg file with regedit 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs
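The three registry-related signatures above (BHO install, registry class modification, silent `regedit` import) describe what a .reg import would do, but the report does not show the contents of temp1.reg or temp2.reg. The parser below is an added example, not code from the sandbox or from the sample: it reads a .reg export as an analyst would after recovering the dropped files, resolves each BHO CLSID to the DLL its InProcServer32 key names, and flags DLLs outside Program Files and Windows. The SAMPLE_REG text is constructed, and its use of the dropped sysdump.dll as the BHO server path is an assumption for illustration, not something the report establishes.

```python
"""Parse a Windows .reg export and resolve Browser Helper Object registrations.

Added example: not the sample's own temp1.reg/temp2.reg, whose contents the
report does not show. SAMPLE_REG below is constructed; its use of the dropped
sysdump.dll as the BHO server is an assumption for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Key under which Internet Explorer enumerates BHOs, one subkey per CLSID.
BHO_KEY = r"software\microsoft\windows\currentversion\explorer\browser helper objects"
# Directories where a legitimate in-process COM server normally lives (coarse check).
TRUSTED_PREFIXES = (r"c:\program files", r"c:\windows")


@dataclass
class RegKey:
    path: str                                   # key path as written in the file
    delete: bool = False                        # "[-HKEY_...]" form deletes the key
    values: dict = field(default_factory=dict)  # value name -> (type, data)


def _unescape(s: str) -> str:
    # .reg strings escape backslash and double quote with a backslash.
    return s.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg(text: str) -> list[RegKey]:
    """Minimal reader for 'Windows Registry Editor Version 5.00' / REGEDIT4 text."""
    keys: list[RegKey] = []
    cur: RegKey | None = None
    lines = text.lstrip("\ufeff").splitlines()   # drop a BOM if the file was decoded with one
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        while line.endswith("\\") and i < len(lines):   # hex: data wraps with a trailing "\"
            line = line[:-1] + lines[i].strip()
            i += 1
        if not line or line[0] == ";" or line.startswith(("Windows Registry Editor", "REGEDIT4")):
            continue
        if line[0] == "[" and line[-1] == "]":
            body = line[1:-1]
            cur = RegKey(path=body.lstrip("-"), delete=body.startswith("-"))
            keys.append(cur)
            continue
        if cur is None:
            continue
        name, _, data = line.partition("=")
        name = "(default)" if name == "@" else _unescape(name.strip('"'))
        if data.startswith('"') and data.endswith('"'):
            cur.values[name] = ("REG_SZ", _unescape(data[1:-1]))
        elif data.startswith("dword:"):
            cur.values[name] = ("REG_DWORD", int(data[6:], 16))
        elif data.startswith("hex"):             # hex:, hex(2):, hex(7): ... -> raw bytes
            blob = data.split(":", 1)[1]
            cur.values[name] = ("REG_BINARY", bytes(int(b, 16) for b in blob.split(",") if b))
        elif data == "-":
            cur.values[name] = ("DELETE", None)
        else:
            cur.values[name] = ("RAW", data)
    return keys


def find_bhos(keys: list[RegKey]) -> list[tuple[str, str, bool]]:
    """Return (clsid, dll_path, outside_trusted_dirs) for every BHO the file registers."""
    servers: dict[str, str] = {}   # CLSID -> InProcServer32 default value (the DLL IE loads)
    srv_re = re.compile(r"\\clsid\\(\{[0-9a-f-]{36}\})\\inprocserver32$", re.I)
    for k in keys:
        m = srv_re.search(k.path)
        if m and not k.delete and "(default)" in k.values:
            servers[m.group(1).lower()] = k.values["(default)"][1]
    bho_re = re.compile(re.escape(BHO_KEY) + r"\\(\{[0-9a-f-]{36}\})$", re.I)
    found = []
    for k in keys:
        m = bho_re.search(k.path)
        if not m or k.delete:
            continue
        clsid = m.group(1).lower()
        dll = servers.get(clsid, "<CLSID not registered in this file>")
        found.append((clsid, dll, not dll.lower().startswith(TRUSTED_PREFIXES)))
    return found


SAMPLE_REG = r"""Windows Registry Editor Version 5.00

; constructed input for this example
[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}]
@="SysDump Helper"
"Blob"=hex:01,02,\
  03,04

[HKEY_CLASSES_ROOT\CLSID\{11111111-2222-3333-4444-555555555555}\InProcServer32]
@="c:\\sysdump.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
@=""
"NoExplorer"=dword:00000001
"""

if __name__ == "__main__":
    for clsid, dll, outside in find_bhos(parse_reg(SAMPLE_REG)):
        print(f"BHO {clsid} -> {dll}{'  [outside Program Files/Windows]' if outside else ''}")
```

The prefix check is deliberately coarse: a DLL under C:\Windows\Temp or a user-writable subdirectory of Program Files would pass it, so on a live host pair it with a signature check on the resolved DLL (for example `Get-AuthenticodeSignature`) and also read the Wow6432Node variant of the BHO key, which is where 32-bit IE looks on x64.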

Processes

  • C:\Users\Admin\AppData\Local\Temp\dbfc4cc4faf88548b3b1499ba78a324d.exe
    "C:\Users\Admin\AppData\Local\Temp\dbfc4cc4faf88548b3b1499ba78a324d.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4700
    • C:\Windows\SysWOW64\regedit.exe
      regedit -S c:\temp1.reg
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      • Runs .reg file with regedit
      PID:2108
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" %1
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2172
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2172 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4864
    • C:\Windows\SysWOW64\regedit.exe
      regedit -S c:\temp2.reg
      2⤵
      • Modifies registry class
      • Runs .reg file with regedit
      PID:1936
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c c:\temp2.bat
      2⤵
      PID:1716
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c c:\temp1.bat
      2⤵
      PID:4952

      Network

      MITRE ATT&CK Enterprise v15

      Downloads

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PL0BY74L\suggestions[1].en-US

        Filesize

        17KB

        MD5

        5a34cb996293fde2cb7a4ac89587393a

        SHA1

        3c96c993500690d1a77873cd62bc639b3a10653f

        SHA256

        c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

        SHA512

        e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      • \??\c:\sysdump.dll

        Filesize

        4KB

        MD5

        f7982deb1be471edb1aef54b4bbaf109

        SHA1

        e44f8cedb550fe75510809c6181a609ad957c06b

        SHA256

        011ab7c538a7581b0c327fbb9ca5bf578f266fec317af2a9286b5733d50a8e1c

        SHA512

        a89cb5f9939b66d881893b1ad94467d88d4af71541c57ec8cbad46f7023bf3ae4243459545f37946810a96aa81e68d67851b48857523433163aecceadcb80eac

      • \??\c:\temp1.bat

        Filesize

        196B

        MD5

        8888fe593e69fe3f4c48f6e207c42d79

        SHA1

        fc12cef7cb590481c312387af3dcef3436cca234

        SHA256

        91805ee2ff3812326e4341b30676be14377442d65f5377fb14643a80b75ef264

        SHA512

        4cecf7657ba257c172238a5ca67c998d85f94b2fac439da83a21a41161363d7bdab6b024c4000e46661bdbb0a3f7e87bd5a75a6d696c66c7f53cac770677f7e8

      • \??\c:\temp1.reg

        Filesize

        435B

        MD5

        492eb2c8ff983e87c95ca5a704c6f5b8

        SHA1

        8677a4e0d606a526b1c90f180116dea7a6bcb0de

        SHA256

        9f0388e16d77a4560acfe712ab8a8c6a171c5d369c4134cd3af9bec658bbd431

        SHA512

        ded2c5fa380fcfaa346dcb33a0775cc476ee7f152b0b54ed34b3e97958e200f1f9f01ed546adc2241d2462cfaf39e9e273eaba04cb2efcfbf7085ba9251acd6e

      • \??\c:\temp2.bat

        Filesize

        84B

        MD5

        b9975d30ddbd098a754312e16f744ec6

        SHA1

        9d41e8816bf8f8aa48356c99af46e64947a0d2ef

        SHA256

        6e4f3dd8bf9469f50bd04878da2bb005a9df85192a5c7428b4477cecbfd4747c

        SHA512

        5bdca7782ebe7a2d919c7c096d0b2e9927c68044a5ca802ce7a43e6d4d62fda7b5d7620a1154e640c9946def1b13539a948a58bf13697f897748dc66e3406c02

      • \??\c:\temp2.reg

        Filesize

        128B

        MD5

        6fdc273e79d8888a813c762aa55edc39

        SHA1

        a3e72c4eaf143697e3c1a29c8b1c223c121e1d58

        SHA256

        e0eb2406ae229d4df0d3ff5bb8f9bd907aa947b51fdbb6bed1a3238852849f6c

        SHA512

        370125ded5b43b67cfc8f28363086fc9b2c85c6fe53ab1e5e00281cf87292650b2abe7bf9420631ca405f4c7e213bed00c53432329cc5f7d6d1f615a02a1f253

      • memory/4700-0-0x0000000000400000-0x0000000000404000-memory.dmp

        Filesize

        16KB

      • memory/4700-10-0x0000000000400000-0x0000000000404000-memory.dmp

        Filesize

        16KB