Overview

overview

7

Static

static

3

DWMBG.7z

windows11-21h2-x64

3

ButtonGlowExt.res

windows11-21h2-x64

3

DWMBlurGlass.exe

windows11-21h2-x64

7

cstealer.pyc

windows11-21h2-x64

3

DWMBlurGlassExt.dll

windows11-21h2-x64

1

data/AeroPeek.png

windows11-21h2-x64

3

data/btngl...se.png

windows11-21h2-x64

3

data/btngl...er.png

windows11-21h2-x64

3

data/config.ini

windows11-21h2-x64

3

data/defaultres.dmres

windows11-21h2-x64

3

data/glass.png

windows11-21h2-x64

3

data/lang/de-DE.xml

windows11-21h2-x64

1

data/lang/en-US.xml

windows11-21h2-x64

1

data/lang/es-MX.xml

windows11-21h2-x64

1

data/lang/fr-FR.xml

windows11-21h2-x64

1

data/lang/id-ID.xml

windows11-21h2-x64

1

data/lang/it-IT.xml

windows11-21h2-x64

1

data/lang/ja-JP.xml

windows11-21h2-x64

1

data/lang/ko-KR.xml

windows11-21h2-x64

1

data/lang/pt-BR.xml

windows11-21h2-x64

1

data/lang/ru-RU.xml

windows11-21h2-x64

1

data/lang/sv-SE.xml

windows11-21h2-x64

1

data/lang/tr-TR.xml

windows11-21h2-x64

1

data/lang/zh-CN.xml

windows11-21h2-x64

1

data/lang/zh-SG.xml

windows11-21h2-x64

1

data/lang/zh-TW.xml

windows11-21h2-x64

1

data/symbo...re.pdb

windows11-21h2-x64

3

data/symbo...WM.pdb

windows11-21h2-x64

3

dbghelp.dll

windows11-21h2-x64

1

symsrv.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    7s
  • max time network
    9s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    12/05/2024, 10:07

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    data/lang/it-IT.xml

  • Size

    5KB

  • MD5

    e7ed56d4244fca9360b004dfaaf435d6

  • SHA1

    775311f44fb73bf8032c89ef4b342ba0d36603f4

  • SHA256

    b7357250ab0c8782046f51ae3cd2349ce61c17300556390d4448bb93de1e87c3

  • SHA512

    99c17dbf6e363db3b69ec7a73ae4669e723864a5ff95fe26c256cf19813cbbf21fdb4c18464f54bbb9a46b7cee653fc2b48825ffa154cd412f8ac1f0bc53a5c8

  • SSDEEP

    96:R+wRYDrAwZkU2UOapjDSMJIMVz+nTObRW73RzDQZEkfRB+t2087q2qWk7BghTC:xwt2qsM6MVzATjeC17B2TC

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE
    "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "C:\Users\Admin\AppData\Local\Temp\data\lang\it-IT.xml"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2092
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\data\lang\it-IT.xml
      2⤵
      • Modifies Internet Explorer settings
      PID:1144

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2092-4-0x00007FFA24310000-0x00007FFA24320000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2092-5-0x00007FFA64323000-0x00007FFA64324000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2092-3-0x00007FFA24310000-0x00007FFA24320000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2092-7-0x00007FFA64280000-0x00007FFA64489000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2092-8-0x00007FFA64280000-0x00007FFA64489000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2092-10-0x00007FFA64280000-0x00007FFA64489000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2092-14-0x00007FFA64280000-0x00007FFA64489000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2092-16-0x00007FFA64280000-0x00007FFA64489000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2092-17-0x00007FFA64280000-0x00007FFA64489000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2092-15-0x00007FFA64280000-0x00007FFA64489000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2092-13-0x00007FFA64280000-0x00007FFA64489000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2092-12-0x00007FFA64280000-0x00007FFA64489000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2092-11-0x00007FFA64280000-0x00007FFA64489000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2092-21-0x00007FFA24310000-0x00007FFA24320000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2092-20-0x00007FFA24310000-0x00007FFA24320000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2092-22-0x00007FFA64280000-0x00007FFA64489000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2092-19-0x00007FFA24310000-0x00007FFA24320000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2092-18-0x00007FFA24310000-0x00007FFA24320000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2092-9-0x00007FFA64280000-0x00007FFA64489000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2092-6-0x00007FFA64280000-0x00007FFA64489000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/2092-2-0x00007FFA24310000-0x00007FFA24320000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2092-1-0x00007FFA24310000-0x00007FFA24320000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2092-0-0x00007FFA24310000-0x00007FFA24320000-memory.dmp

          Filesize

          64KB

          Download