Analysis

  • max time kernel
    146s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
  • submitted
    01-07-2024 21:30

General

  • Target

    upgrade.exe

  • Size

    656KB

  • MD5

    9072c7ab788ae840d16e5d1669029a97

  • SHA1

    7672619eb461756a7e1353e350ec57e9bdafce7c

  • SHA256

    3f62c010d1806625a8e2e099d76143ff8d0ef6a09fc02034a022e0ef3b336148

  • SHA512

    0fb2b4011759e575831e356d13a6f1208d901c971f04e0e5b8ad99b3a58935784cda18ed7fd03ca9c49dfd59437d7ac960578d03a0da2575236a75017d1b6c4a

  • SSDEEP

    12288:5qHsGleIjHQIXLRqomJ8JioWzmNG2APCYSZVrC1iHYuVgVus2zYtZ:5UwKf8omJ8JiPNPCjZVKiHiVhhZ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 9 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer 1 IoCs
  • Modifies data under HKEY_USERS 24 IoCs
  • Suspicious behavior: EnumeratesProcesses 60 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\upgrade.exe
    "C:\Users\Admin\AppData\Local\Temp\upgrade.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2384
    • C:\Users\Admin\AppData\Local\Temp\nsd6089.tmp\browserseek.exe
      "C:\Users\Admin\AppData\Local\Temp\nsd6089.tmp\browserseek.exe" "C:\Users\Admin\AppData\Local\Temp\nsd6089.tmp\browserseek.dll" 3826683820
      2⤵
      • Executes dropped EXE
      PID:1920
    • C:\Users\Admin\AppData\Local\Temp\nsd6089.tmp\browserseek.exe
      "C:\Users\Admin\AppData\Local\Temp\nsd6089.tmp\browserseek.exe" "C:\Users\Admin\AppData\Local\Temp\nsd6089.tmp\browserseek.dll" larezobit "" yipopuriba
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      PID:2004
  • C:\ProgramData\BrowserSeek\browserseek177.exe
    "C:\ProgramData\BrowserSeek\browserseek177.exe" "C:\Program Files (x86)\BrowserSeek\browserseek.dll" kimupuyi givefokimu
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2576
    • C:\Program Files (x86)\BrowserSeek\browserseek.exe
      "C:\Program Files (x86)\BrowserSeek\browserseek.exe" "C:\Program Files (x86)\BrowserSeek\browserseek.dll" puribavape wolizamev
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:2452

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsd6089.tmp\browserseek.dll

    Filesize

    560KB

    MD5

    83bc9313c669ed8d9a61714a8e0efb10

    SHA1

    1b52cdfe847a55ae069df6e64506f7b661271ab2

    SHA256

    73e773968ce0b69521efbfae93376fc0ab96560a9d51f5ff0b5568951f7038a2

    SHA512

    0a5d199b2190fd41d2787deb29532ba9315869c9f9116c6f19739ce0c3ce1e3d2d48f0b113a7255f63185dc3ab9e3ed24e2f8b5260fe8c13a4ec2dc08995332a

  • C:\Users\Admin\AppData\Local\Temp\nsd6089.tmp\uninstall.exe

    Filesize

    82KB

    MD5

    3f0967dccc27c0b022dd6be6a98fa390

    SHA1

    c57846d9800a9cf8c6a39170a6a045dc80d8dd29

    SHA256

    9834d7bfea7dc27409d0cebd59175c00a0ee51b64b558abb26c66fed50bc9825

    SHA512

    1d0bebf9a484ba7727c288156420be9f853537ceebb8d17450646f5e501f2f44d533f31df83c574c0bc8f13c0fe77980d95188a5f5a920cecaf24df8579887f0

  • \Users\Admin\AppData\Local\Temp\nsd6089.tmp\browserseek.dll

    Filesize

    560KB

    MD5

    4c0b9b55f9bf6a132ec8e8486e45c951

    SHA1

    d0d90d1a2217d0baa15b45a28a870dac782c3526

    SHA256

    bae5ecfb745db693c801a235ff138da28c3dba149bca29f3c1d35836d8c11d98

    SHA512

    0d4dce0481a1cdffb9f6630ce2a163f100b163cd58d7e3426ca83513ffe0b90aa0373928b2bc1af00aa739843fa740a283ff5df8eea19b3754c0834091fc618d

  • \Users\Admin\AppData\Local\Temp\nsd6089.tmp\browserseek.exe

    Filesize

    48KB

    MD5

    e6f88bb87363c318c22c44d9be58a49d

    SHA1

    fcfb85dec82ccb50d021a5d1f7db04344d9dacbd

    SHA256

    59d9c9197b20786d7ac363ea2dc02c4072ffcc2903fed9ce522149b384fbb890

    SHA512

    d6bc1821c8222304b1a398d7ce514b22a160f4a66cd013dcedd3e0a05cb445b87e883f7115be442e55dd0cba1579cec6413e2c853d6748fbdc17d0b6f3f0b75f

  • memory/2004-26-0x0000000000220000-0x00000000002A2000-memory.dmp

    Filesize

    520KB

  • memory/2576-37-0x00000000002A0000-0x0000000000322000-memory.dmp

    Filesize

    520KB