Analysis
max time kernel: 117s
max time network: 121s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 21-03-2024 15:49
Static task: static1
Behavioral task: behavioral1 | Sample: dc02961c3109e7369f377da2913ba80d.exe | Resource: win7-20240221-en
Behavioral task: behavioral2 | Sample: dc02961c3109e7369f377da2913ba80d.exe | Resource: win10v2004-20231215-en
Behavioral task: behavioral3 | Sample: $PLUGINSDIR/Math.dll | Resource: win7-20240221-en
Behavioral task: behavioral4 | Sample: $PLUGINSDIR/Math.dll | Resource: win10v2004-20240226-en
Behavioral task: behavioral5 | Sample: $PLUGINSDIR/NSISdl.dll | Resource: win7-20240220-en
Behavioral task: behavioral6 | Sample: $PLUGINSDIR/NSISdl.dll | Resource: win10v2004-20240226-en
Behavioral task: behavioral7 | Sample: $PLUGINSDIR/System.dll | Resource: win7-20240221-en
Behavioral task: behavioral8 | Sample: $PLUGINSDIR/System.dll | Resource: win10v2004-20240226-en
Behavioral task: behavioral9 | Sample: $R1.dll | Resource: win7-20240319-en
General
Target: dc02961c3109e7369f377da2913ba80d.exe
Size: 716KB
MD5: dc02961c3109e7369f377da2913ba80d
SHA1: 45237c0ddaeeb9e593466254923ec5c8a312e055
SHA256: bd2c84eb297ff45149c18bcee3a8c57ed663176d4a79c1440b9ef9cc1af310b0
SHA512: 47f5f50f049222b2c84733c163fa37489ec81d82c5c67d3a12ecdd6f92d171ec053acbd0ebfcc33136b987663170e9ede4b1295d68751675a537443c5592bd2d
SSDEEP: 12288:F36l0V+ekTR1pQMVvoDLbcTCpxWiY7tVyia5Mp7O0o45mx4MjTCB5OPiSIoKJ:F3sTHpQMCDLb4u/2zAQJ5mn0SLg
Malware Config
Signatures
Loads dropped DLL (43 IoCs)
pid | Process
2200 | dc02961c3109e7369f377da2913ba80d.exe (all 43 DLL-load IoCs are attributed to this pid/process)

Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.

Installs/modifies Browser Helper Object (2 TTPs, 2 IoCs)
BHOs are DLL modules which act as plugins for Internet Explorer.
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7ac812c6-b714-e717-7e5e-77de319fc517} | dc02961c3109e7369f377da2913ba80d.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{7ac812c6-b714-e717-7e5e-77de319fc517}\NoExplorer = "\"\"" | dc02961c3109e7369f377da2913ba80d.exe

Drops file in System32 directory (3 IoCs)
description | ioc | Process
File opened for modification | C:\Windows\SysWOW64\nst8F38.tmp | dc02961c3109e7369f377da2913ba80d.exe
File created | C:\Windows\SysWOW64\nst8F38.dll | dc02961c3109e7369f377da2913ba80d.exe
File created | C:\Windows\SysWOW64\9d435dea-7c79-4c80-f8fa-68f67a5077f5.exe | dc02961c3109e7369f377da2913ba80d.exe

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Modifies Internet Explorer Protected Mode (1 TTPs, 1 IoCs)
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\2500 = "3" | dc02961c3109e7369f377da2913ba80d.exe

Modifies Internet Explorer Protected Mode Banner (1 TTPs, 1 IoCs)
description | ioc | Process
Set value (int) | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\NoProtectedModeBanner = "1" | dc02961c3109e7369f377da2913ba80d.exe
Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main | dc02961c3109e7369f377da2913ba80d.exe
Modifies registry class (5 IoCs)
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7ac812c6-b714-e717-7e5e-77de319fc517} | dc02961c3109e7369f377da2913ba80d.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7ac812c6-b714-e717-7e5e-77de319fc517}\ = "adtimes" | dc02961c3109e7369f377da2913ba80d.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7ac812c6-b714-e717-7e5e-77de319fc517}\InProcServer32 | dc02961c3109e7369f377da2913ba80d.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7ac812c6-b714-e717-7e5e-77de319fc517}\InProcServer32\ = "C:\\Windows\\SysWow64\\nst8F38.dll" | dc02961c3109e7369f377da2913ba80d.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7ac812c6-b714-e717-7e5e-77de319fc517}\InProcServer32\ThreadingModel = "Apartment" | dc02961c3109e7369f377da2913ba80d.exe
Processes
Process: C:\Users\Admin\AppData\Local\Temp\dc02961c3109e7369f377da2913ba80d.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\dc02961c3109e7369f377da2913ba80d.exe"
PID: 2200
Signatures triggered by this process:
- Loads dropped DLL
- Installs/modifies Browser Helper Object
- Drops file in System32 directory
- Modifies Internet Explorer Protected Mode
- Modifies Internet Explorer Protected Mode Banner
- Modifies Internet Explorer settings
- Modifies registry class
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 66KB
MD5: 8835b67f15d96144f3184e684fa76b43
SHA1: 365e34a34eb8c123d765b7deefd3ebb90fe0fe4b
SHA256: df1e70965e0aab1b464e623ccaee5457e66dc2e955733658c8fc337a893aa51c
SHA512: 3a7f89af391708c56d1d117e24f2f9f1c5e3db27716665fcfed66aea64d2a72ac293cb3b8d09482438b06f5e1f97338fd700d0ccef036814047b0842ad8b9c13

Filesize: 14KB
MD5: f0e51d5722c11a4fe40c97b746c1ffc5
SHA1: 8ec31853e9ef08fdc2a8c3c8eaa5f5b9469af193
SHA256: 93a27f96055ae6b7f44916e13487b0efa7cd6d762e6768f7cb6427e32bda777d
SHA512: 212c1ed753b54e5eccf7e1421bcca86955e09d6e3873f891d3d7076e21f79feb5f1dba350818804a215980875c306283b02f628fbc191d958f0de0f528c7194a

Filesize: 10KB
MD5: 7e3c808299aa2c405dffa864471ddb7f
SHA1: b5de7804dd35ed7afd0c3b59d866f1a0749495e0
SHA256: 91c47a9a54a3a8c359e89a8b4e133e6b7296586748ed3e8f4fe566abd6c81ddd
SHA512: 599f61d5270227a68e5c4b8db41b5aa7bc17a4bbe91dd7336b410516fa6107f4f5bf0bbb3f6cc4b2e15b16bf9495fdc70832bab6262046cb136ad18f0c9b3738

Filesize: 1.2MB
MD5: 104be7b21b09b5863ea03eb7c6c1298a
SHA1: f87600bca12beef0396f19650f34587c2c80cdee
SHA256: afe8c52bf5d96ad9b890477e1608e2f56f332a4e7bae449f68f6d47e4592b54b
SHA512: 339beaba14c9ee8b7277eba97d1d1af1ebb50bf59be4c3dc0f0aa02655c2ea0661738007b4c21642fb76b8c61edf6599208d4cc53b15b6a21eec6656f55eb5a1