Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    15/07/2024, 05:34 UTC

General

  • Target

    903783a8bd91555b5ee3406afb36ddd0N.dll

  • Size

    283KB

  • MD5

    903783a8bd91555b5ee3406afb36ddd0

  • SHA1

    160c4fa48028feacc133b33197ce256554a626ec

  • SHA256

    13262575641c6a3e7bf49c398aebb3f3161ac82dc01aa20212d240568dc1b7c8

  • SHA512

    a75a7ce6f48d3aea7a6b69dda95673b0e68049ec9c1f20ed5e3c97cc605c955c443f3c6a2a6ba9824a6cf83cd31ab8ec1e5d0d32cd8e32efb87de0f761e5f264

  • SSDEEP

    6144:zSFgFKbLMiyhvsrcMt7h6x0YYhbe1Ozm/YiWCCP9l+79INgpAs7R6TdC3icRkUB:zSFgFKbLMRhUqQRuys7RCd1cR/B

Score
10/10

Malware Config

Extracted

Family

strela

C2

45.9.74.176

Attributes
  • url_path

    /server.php

  • user_agent

    Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537

Signatures

  • Detects Strela Stealer payload (3 IoCs)
  • Strela stealer

    An info stealer targeting mail credentials first seen in late 2022.

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\903783a8bd91555b5ee3406afb36ddd0N.dll
    PID: 1056

    Downloads

    • memory/1056-0-0x00000000003E0000-0x0000000000402000-memory.dmp

      Filesize

      136KB

    • memory/1056-2-0x00000000003E0000-0x0000000000402000-memory.dmp

      Filesize

      136KB

    • memory/1056-1-0x000007FEF73C0000-0x000007FEF740E000-memory.dmp

      Filesize

      312KB
