Overview

overview

7

Static

static

3

0992b39200...18.exe

windows7-x64

7

0992b39200...18.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$TEMP/Toolbar.exe

windows7-x64

7

$TEMP/Toolbar.exe

windows10-2004-x64

7

content/aboutTabs.htm

windows7-x64

1

content/aboutTabs.htm

windows10-2004-x64

1

content/ctoolbar.js

windows7-x64

3

content/ctoolbar.js

windows10-2004-x64

3

components...rch.js

windows7-x64

3

components...rch.js

windows10-2004-x64

3

components...bar.js

windows7-x64

3

components...bar.js

windows10-2004-x64

3

components...rt.dll

windows7-x64

1

components...rt.dll

windows10-2004-x64

1

components...re.dll

windows7-x64

1

components...re.dll

windows10-2004-x64

1

defaults/fbAlert.html

windows7-x64

1

defaults/fbAlert.html

windows10-2004-x64

1

lib/xpcom.js

windows7-x64

3

lib/xpcom.js

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    24/06/2024, 16:24

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMP/Toolbar.exe

  • Size

    1.6MB

  • MD5

    1e8453e30b208946c7a180ce83e3a3ee

  • SHA1

    9f98ba013836fd361b6ecfc1ba77e8ad8c3faa63

  • SHA256

    78f4880496b8721d0b21b1e33d9f8890389714db38502adc56c9c12b1345fb00

  • SHA512

    03ae6c870ea135a9b1b9ffca4ae35515d19e06ba8c224b0e7001165decdc6724de6ab542bac8998f5707c9de5b3a4f5538fc24d8ea8a55db45e24e78a32f3701

  • SSDEEP

    49152:tFkmW28BRODaqU7E/2q+z9NUwVeq1y3tXntE:tCkwM3US2q+xNUwVh1y3bE

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$TEMP\Toolbar.exe
    "C:\Users\Admin\AppData\Local\Temp\$TEMP\Toolbar.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:348
    • C:\Users\Admin\AppData\Local\Temp\GLB3208.tmp
      C:\Users\Admin\AppData\Local\Temp\GLB3208.tmp 4736 C:\Users\Admin\AppData\Local\Temp\$TEMP\Toolbar.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      PID:2372

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\GLB3208.tmp
          Filesize

          70KB

          MD5

          bf40b5a45b2598444ec60a5cf196e304

          SHA1

          280c134ac1c4f91a9ad070660fbe1ec7a8e16e3b

          SHA256

          c20d4274942565334df595da4de173202277ad95c6b503cf419096ef2ad7da0f

          SHA512

          bc66326a691647e61be50eb177c8c9e8d0c058fb2f7728547244363628303ea2969c03f8cb24c5d92899231511390134f92756b4e2414adf2cb0d491df2db3eb

          Download Submit

        • \Users\Admin\AppData\Local\Temp\GLC3256.tmp
          Filesize

          161KB

          MD5

          8c97d8bb1470c6498e47b12c5a03ce39

          SHA1

          15d233b22f1c3d756dca29bcc0021e6fb0b8cdf7

          SHA256

          a87f19f9fee475d2b2e82acfb4589be6d816b613064cd06826e1d4c147beb50a

          SHA512

          7ad0b2b0319da52152c2595ee45045d0c06b157cdaaa56ad57dde9736be3e45fd7357949126f80d3e72b21510f9bf69d010d51b3967a7644662808beed067c3f

          Download Submit

        • \Users\Admin\AppData\Local\Temp\GLF3E1D.tmp
          Filesize

          10KB

          MD5

          3b2e23d259394c701050486e642d14fa

          SHA1

          4e9661c4ba84400146b80b905f46a0f7ef4d62eb

          SHA256

          166d7156142f3ee09fa69eb617dd22e4fd248aa80a1ac08767db6ad99a2705c1

          SHA512

          2b792296dffa4e43bc85295dc7691bd29762ce5d9d5eafaa74e199e6a8e5b24aa85d0a1b27776d4719a49b0d29abcf6f240746a209528e608b596b560e5a3b88

          Download Submit