Overview
overview
7Static
static
7f6dea9e303...d2.exe
windows7-x64
7f6dea9e303...d2.exe
windows10-2004-x64
7$PLUGINSDIR/BI.exe
windows7-x64
7$PLUGINSDIR/BI.exe
windows10-2004-x64
7$PLUGINSDI...CC.exe
windows7-x64
7$PLUGINSDI...CC.exe
windows10-2004-x64
7$PLUGINSDI...er.dll
windows7-x64
3$PLUGINSDI...er.dll
windows10-2004-x64
3$PLUGINSDI...lp.dll
windows7-x64
1$PLUGINSDI...lp.dll
windows10-2004-x64
1$PLUGINSDI...er.exe
windows7-x64
7$PLUGINSDI...er.exe
windows10-2004-x64
7$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...PIE.js
windows7-x64
3$PLUGINSDI...PIE.js
windows10-2004-x64
3$PLUGINSDI...ed.htm
windows7-x64
1$PLUGINSDI...ed.htm
windows10-2004-x64
1$PLUGINSDI...API.js
windows7-x64
3$PLUGINSDI...API.js
windows10-2004-x64
3$PLUGINSDI...ams.js
windows7-x64
3$PLUGINSDI...ams.js
windows10-2004-x64
3$PLUGINSDI...PIE.js
windows7-x64
3$PLUGINSDI...PIE.js
windows10-2004-x64
3$PLUGINSDI...Bar.js
windows7-x64
3$PLUGINSDI...Bar.js
windows10-2004-x64
3$PLUGINSDI...ore.js
windows7-x64
3$PLUGINSDI...ore.js
windows10-2004-x64
3$PLUGINSDI...min.js
windows7-x64
3$PLUGINSDI...min.js
windows10-2004-x64
3$PLUGINSDI...on2.js
windows7-x64
3$PLUGINSDI...on2.js
windows10-2004-x64
3Analysis
-
max time kernel
121s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
05/07/2024, 04:52
Behavioral task
behavioral1
Sample
f6dea9e303e32a64e1d30893cf904f1017c1742e436e41f118fd8c09cd6730d2.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral2
Sample
f6dea9e303e32a64e1d30893cf904f1017c1742e436e41f118fd8c09cd6730d2.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/BI.exe
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/BI.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/DownloadACC.exe
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/DownloadACC.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$PLUGINSDIR/FirefoxHandler.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral8
Sample
$PLUGINSDIR/FirefoxHandler.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$PLUGINSDIR/OCSetupHlp.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral10
Sample
$PLUGINSDIR/OCSetupHlp.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$PLUGINSDIR/ProxyInstaller.exe
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral12
Sample
$PLUGINSDIR/ProxyInstaller.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral14
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
$PLUGINSDIR/WebApp/Css/PIE.js
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral16
Sample
$PLUGINSDIR/WebApp/Css/PIE.js
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
$PLUGINSDIR/WebApp/Failed.htm
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral18
Sample
$PLUGINSDIR/WebApp/Failed.htm
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
$PLUGINSDIR/WebApp/Js/API.js
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral20
Sample
$PLUGINSDIR/WebApp/Js/API.js
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
$PLUGINSDIR/WebApp/Js/ExternalParams.js
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral22
Sample
$PLUGINSDIR/WebApp/Js/ExternalParams.js
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
$PLUGINSDIR/WebApp/Js/PIE.js
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral24
Sample
$PLUGINSDIR/WebApp/Js/PIE.js
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
$PLUGINSDIR/WebApp/Js/ProgressBar.js
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral26
Sample
$PLUGINSDIR/WebApp/Js/ProgressBar.js
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
$PLUGINSDIR/WebApp/Js/Store.js
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral28
Sample
$PLUGINSDIR/WebApp/Js/Store.js
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
$PLUGINSDIR/WebApp/Js/jquery-ui-1.8.16.custom.min.js
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral30
Sample
$PLUGINSDIR/WebApp/Js/jquery-ui-1.8.16.custom.min.js
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
$PLUGINSDIR/WebApp/Js/json2.js
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral32
Sample
$PLUGINSDIR/WebApp/Js/json2.js
Resource
win10v2004-20240508-en
windows10-2004-x64
General
-
Target
$PLUGINSDIR/OCSetupHlp.dll
-
Size
842KB
-
MD5
5b8d0d2cd9d60412262f166e15357961
-
SHA1
cab78c31f513d1f2bf43205af88a3bbfab11b1ca
-
SHA256
2c028b33da28063270a7c4f7f8affafdea63a766627178cb166253f14f3a4c4e
-
SHA512
e4a05b5479c1b9edc49d36356e1a7e212cc100f11d600bae8d6303a6c1e1ed329c10eaa1d5228860d3a7999147bc8c920c07f3acaf197f1b8df955a583c7230f
-
SSDEEP
12288:b+wnK6z+X9XgFnDgQlOpmtZkYZYiWRREaQDEK/8MoSTLyrQCT30:iTdwZDgQ4p2ZkCYHtQIK/8M7TLyrQe0
Malware Config
Signatures
-
Modifies registry class 10 IoCs
description ioc Process Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1A720F5A-8FE4-4A0F-9B3A-494BF58B0813}\1.0\HELPDIR regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1A720F5A-8FE4-4A0F-9B3A-494BF58B0813}\1.0 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1A720F5A-8FE4-4A0F-9B3A-494BF58B0813}\1.0\FLAGS regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1A720F5A-8FE4-4A0F-9B3A-494BF58B0813}\1.0\FLAGS\ = "0" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1A720F5A-8FE4-4A0F-9B3A-494BF58B0813}\1.0\0 regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1A720F5A-8FE4-4A0F-9B3A-494BF58B0813}\1.0\0\win32 regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1A720F5A-8FE4-4A0F-9B3A-494BF58B0813}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\$PLUGINSDIR\\OCSetupHlp.dll" regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1A720F5A-8FE4-4A0F-9B3A-494BF58B0813}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\$PLUGINSDIR" regsvr32.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1A720F5A-8FE4-4A0F-9B3A-494BF58B0813} regsvr32.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1A720F5A-8FE4-4A0F-9B3A-494BF58B0813}\1.0\ = "OCVBValidateLib" regsvr32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 1680 wrote to memory of 1924 1680 regsvr32.exe 28 PID 1680 wrote to memory of 1924 1680 regsvr32.exe 28 PID 1680 wrote to memory of 1924 1680 regsvr32.exe 28 PID 1680 wrote to memory of 1924 1680 regsvr32.exe 28 PID 1680 wrote to memory of 1924 1680 regsvr32.exe 28 PID 1680 wrote to memory of 1924 1680 regsvr32.exe 28 PID 1680 wrote to memory of 1924 1680 regsvr32.exe 28