Overview

overview

8

Static

static

3

48fb197c47...ad.exe

windows7-x64

8

48fb197c47...ad.exe

windows10-2004-x64

7

$PLUGINSDI...ne.dll

windows7-x64

1

$PLUGINSDI...ne.dll

windows10-2004-x64

1

$PLUGINSDI...ip.dll

windows7-x64

1

$PLUGINSDI...ip.dll

windows10-2004-x64

1

$PLUGINSDIR/INetC.dll

windows7-x64

3

$PLUGINSDIR/INetC.dll

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

1

$PLUGINSDI...er.dll

windows10-2004-x64

1

$PLUGINSDI...on.dll

windows7-x64

1

$PLUGINSDI...on.dll

windows10-2004-x64

1

$PLUGINSDI...er.exe

windows7-x64

4

$PLUGINSDI...er.exe

windows10-2004-x64

5

$PLUGINSDI...ls.dll

windows7-x64

1

$PLUGINSDI...ls.dll

windows10-2004-x64

1

$PLUGINSDI...en.dll

windows7-x64

1

$PLUGINSDI...en.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...p.html

windows7-x64

1

$PLUGINSDI...p.html

windows10-2004-x64

1

$PLUGINSDI...x.html

windows7-x64

1

$PLUGINSDI...x.html

windows10-2004-x64

1

$PLUGINSDI...app.js

windows7-x64

3

$PLUGINSDI...app.js

windows10-2004-x64

3

$PLUGINSDI...uts.js

windows7-x64

3

$PLUGINSDI...uts.js

windows10-2004-x64

3

$PLUGINSDI...dle.js

windows7-x64

3

$PLUGINSDI...dle.js

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    12-06-2024 03:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/OWInstaller.exe

  • Size

    325KB

  • MD5

    d2d62837efe824f9df4e51c3aa7da8b6

  • SHA1

    ca2c1f1a002d0a94d068f16ea812813acd28262a

  • SHA256

    7373ae1e5aa96890b0d57a8208d69026b6dd4e6f7c96449b976b4ec723f72b32

  • SHA512

    65d732a101bf9058cc89069f5ea1a8d95b7bb8c85e481180893746a0dfca587c64a1446a6dda023fca52f5cd595d4895776e16da438877caaa92be7d09cd3e59

  • SSDEEP

    6144:huKDH8Zo5zUVQ5vvzL9baFoSpm9whNK632I6pbgvcp:huvGPN2oS1NRm

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 34 IoCs
  • Suspicious behavior: EnumeratesProcesses 24 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\OWInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\OWInstaller.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1700
    • C:\Windows\System32\DxDiag.exe
      "C:\Windows\System32\DxDiag.exe" /tC:\Users\Admin\AppData\Local\Overwolf\Temp\DxDiagOutput.txt
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2496
      • C:\Windows\SysWOW64\dxdiag.exe
        "C:\Windows\SysWOW64\dxdiag.exe" /tC:\Users\Admin\AppData\Local\Overwolf\Temp\DxDiagOutput.txt
        3⤵
        • Drops file in Windows directory
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:2652

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Overwolf\Settings\SettingsPageBasic.xml
    Filesize

    202B

    MD5

    f066b38b3c10f5e4e756b62f73b29b7c

    SHA1

    49b2cf3ace3f048f8ab70c859422ae92ca285d32

    SHA256

    7f400843913514d7840c225444f844b9dde3ffea841929fa174e937395fd79bf

    SHA512

    aa4885733d0311ecf451d898f5f9a9cf00c24ab8236039997612ec93e302cab89c4100b266b60305d503e50c2b90d45cf11e26e308dbc8e4c1fe996ffe4912cd

    Download Submit

  • C:\Users\Admin\AppData\Local\Overwolf\Temp\DxDiagOutput.txt
    Filesize

    15KB

    MD5

    a623777cbbd0c0bb1904f5ca020a1d81

    SHA1

    4477381e94adb5c286cbab6dc8e93866913be12b

    SHA256

    3feea5433542018306a25c433fe8ad1daffd5f7c515674a2956bbd56804682ef

    SHA512

    199574b0b7eaeca7743a4f64ee1111cacf64d4f30cc7bd43ad5912913b91383fa7ea0627335fcbdbea0419d005103811cb274e8a036ee0e9657c29d736c21c86

    Download Submit

  • memory/1700-65-0x000007FEF5690000-0x000007FEF607C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1700-1-0x000000013F240000-0x000000013F292000-memory.dmp

    Filesize

    328KB

    Download

  • memory/1700-62-0x000007FEF5693000-0x000007FEF5694000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1700-5-0x0000000000B20000-0x0000000000B38000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1700-13-0x000000001BE00000-0x000000001BEB0000-memory.dmp

    Filesize

    704KB

    Download

  • memory/1700-2-0x00000000006A0000-0x0000000000732000-memory.dmp

    Filesize

    584KB

    Download

  • memory/1700-38-0x0000000025D70000-0x0000000026516000-memory.dmp

    Filesize

    7.6MB

    Download

  • memory/1700-0-0x000007FEF5693000-0x000007FEF5694000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1700-3-0x0000000000A50000-0x0000000000A96000-memory.dmp

    Filesize

    280KB

    Download

  • memory/1700-4-0x000007FEF5690000-0x000007FEF607C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2652-66-0x0000000002530000-0x000000000258C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2652-39-0x00000000005A0000-0x00000000005AA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2652-61-0x0000000001DB0000-0x0000000001DBA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2652-64-0x0000000002530000-0x000000000258C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2652-67-0x0000000002530000-0x000000000258C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2652-63-0x0000000002530000-0x000000000258C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/2652-40-0x00000000005A0000-0x00000000005AA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2652-71-0x0000000002350000-0x000000000237A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2652-72-0x0000000002350000-0x000000000237A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2652-68-0x00000000005A0000-0x00000000005AA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2652-69-0x00000000005A0000-0x00000000005AA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2652-73-0x00000000005A0000-0x00000000005A5000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2652-60-0x0000000001DB0000-0x0000000001DBA000-memory.dmp

    Filesize

    40KB

    Download