Overview

overview

6

Static

static

3

e0786cfd02...3f.dll

windows7-x64

6

e0786cfd02...3f.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    145s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    27/03/2024, 01:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e0786cfd02889f5cf8e98b648eb6863f.dll

  • Size

    891KB

  • MD5

    e0786cfd02889f5cf8e98b648eb6863f

  • SHA1

    22b9d971c7fdea19904c96ef4ffae5f6540cbd10

  • SHA256

    83a4b08071ee6829a9c420e1c37ea767d986318a18fd937833fe43199d07c9a7

  • SHA512

    0fc78c7d9482cb3e41866b768c9155a19fc184354470368db518c95c141ec220a042fc7eb93383dc1b341abb73fa9f8a7d45d8fffcdcd3018e4603dd873dea35

  • SSDEEP

    24576:4ksNHkWxFfLAb87n+GyiTP/NwG7ZgqAc:zexFjAoHTiG7ZgTc

Score
6/10
adwarepersistencestealer

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Maps connected drives based on registry 3 TTPs 3 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 27 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e0786cfd02889f5cf8e98b648eb6863f.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1352
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\e0786cfd02889f5cf8e98b648eb6863f.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • Maps connected drives based on registry
      • Modifies registry class
      PID:2304
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2984
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2984 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2632

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a4e8477589be282305d07fb67dd32755

    SHA1

    0c35149ec0c6ec66fa24a0174344f6eb46149435

    SHA256

    fc319b8341b3463fb5bfa5b0036979ec09ff9f31159e3871aea45b3dec48f977

    SHA512

    0b60232aad2f19e22e6b8a8605820b9820e743d414b9f14af4b29cbfb898909b8e5d92cd0c6e65c71ece262627b059669308e9b1234717935147bb2ae1375471

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    61dea05a8da1512389240e2e621d94ec

    SHA1

    24b862b55fef28f2e06d7a3bad4f0d2e3b37c10d

    SHA256

    0a9e36ed8f4b163e67eb445a1f667777da076909921cd2694b2cb61f2ad2db96

    SHA512

    6ebeed49704a53d81a023cd0af4221ea8a0df6990221e85332fae9e365d35f5545dfb5b070586861c0020607463dcb46d2a298af4e12d3c9e4bf74c177da5f2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    74adc83d98f361b00ed0474502148856

    SHA1

    93514a3bc815d214bc716544e96d8439eeeef58b

    SHA256

    2aa211284714102b35a81f6924dd458691cca3aadd2c16f18bf42e4cbf3bb707

    SHA512

    28d8eeb2d2afcbafce8acbb34a608176963782da6f9a9034f765ff5413b812ad8b72b2ca649cd3ea2db1bbd3285c0d03a3c65c0b2c18449588a291a055fb2e5d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    645644b3b6adbb01552f8998aec02c4d

    SHA1

    4bc66d60e8a6e6b16390d2d2bef2b123936e50b9

    SHA256

    9dd6236f79e134fb2a23deffdc75435370a72214c21dd4244da035e4099df2f8

    SHA512

    1094a230c756b9c8aa522b895011a6fd5cdf3b87123560e80a58ede929fb1b1249c6394bb2536b3088442a8f0cc0cbece8f589b7559b54dbcd54921b9384422b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    028e173a3ec26d862e40431a579bdb35

    SHA1

    686fbfed0260ac38769cde30e9f21b4cebbc5637

    SHA256

    a2216cf8e528fc2d2c712a17c509c167f006cbf1e4d7489877de2caecf1e4433

    SHA512

    6c474b0aa8b77a726d2d0c98d3dc62423d91e66c6735b2cf605cc4e55faae862d8645b0393af4bf4538fc4bdb5e5d8d017d71a7e0669340137d8a58a9fee2670

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8f23b92e8f74b1cc141d1f1662c21e6d

    SHA1

    7707ed1506f2b8eda00fb1cf9212b0a793e377a8

    SHA256

    918973bd600dc5df383057edc8aae2c8ab5f3ed884da26c864d35b50a3327051

    SHA512

    41f096e5e1ef45f503b97a35f92f123ec2cece3ff2aa46d48dc57eac58adbbed5d9d15f955f60fe1524e2b60567d94c1e216304de612d7e179527a5cd80779b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3e045a8de0d4a7a00b0a987b2ba02516

    SHA1

    1060af608ba36425538be394e30b4480c4a2a226

    SHA256

    966cd225828ea7545ac52f68215566b8091285db232c7e9e9b5eb53efda27847

    SHA512

    234f3e01a19c4b3e9f145112b5553e992f361934add5a3b4be2006c4aa2bd3cf17dba8f762db4e7dbff0ca24b3cf2d6accf5b68803338d0b8d770b061ecbd7b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b1e3de321b85d8de8f3826f9d891a5f9

    SHA1

    9d9c26ebb1eb0642ee5537e1f8ce493177ce6172

    SHA256

    2cd527bd3d46d274873ec4546579e2dbec6a130e2e87b379b878c2e63ee34bea

    SHA512

    03e3994982735fa7147a6f7cbb1ff445d120b43f0f2ca1c7930e7639fdb312c0c9884421a410dc3cc58d2e9c12f3f5f81a164672edda1c9ef10dc7a9aafe009d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    46a412986e58d952d4dc5e4d38d961cc

    SHA1

    ec10ea64363d24e555480c3b354318578d033824

    SHA256

    371060b9d37d6f2ceef3cb95d4cc853e3875846a0c84c3729e7242523e26f532

    SHA512

    6e4ca1bbe42916932438fb8a04ff75a55b952b6bd09b9f8b50fe6636ba47b71ae8c214b46443cc6ae616f5876927e7ab46fcbe7f47eac9447b7d6ae9cd19b434

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab739C.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar809E.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/2304-2-0x00000000001D0000-0x00000000001D2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2304-0-0x0000000001E70000-0x0000000001F55000-memory.dmp

    Filesize

    916KB

    Download