Overview

overview

7

Static

static

7

dffe2b58bf...3c.dll

windows7-x64

6

dffe2b58bf...3c.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    26-03-2024 20:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dffe2b58bfe2b66e8804192b80b2c13c.dll

  • Size

    239KB

  • MD5

    dffe2b58bfe2b66e8804192b80b2c13c

  • SHA1

    053d56fa7e942832e90d101dbfc061b70863ee41

  • SHA256

    a22bbce47abfa62fb69a4223442b71ad5c71655c6ebae7cf531c0275fb3d9c06

  • SHA512

    2e03ae3fffe689ab5f8014338c8e86645ff831c4171100a9fa76d55e08550390d313c4b13245d253076667bf87a59401b0531c0f34fce23836240b0570ca1daf

  • SSDEEP

    3072:pVVWxbXM9La3lNlBhhwKIdzxBJdRN/3TEwlPA52Wdh4/CKmKZTtE/wU/Pgl9Jtmt:NW1MM3zhhXEFNfnWL0CkZJE/7PgojF

Score
6/10
adwarestealer

Malware Config

Signatures

  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Modifies registry class 5 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dffe2b58bfe2b66e8804192b80b2c13c.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2936
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\dffe2b58bfe2b66e8804192b80b2c13c.dll
      2⤵
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:3016

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads