Overview

overview

7

Static

static

3

485fd9e0fa...18.exe

windows7-x64

7

485fd9e0fa...18.exe

windows10-2004-x64

7

$PLUGINSDI...IE.exe

windows7-x64

7

$PLUGINSDI...IE.exe

windows10-2004-x64

7

menu_en.htm

windows7-x64

1

menu_en.htm

windows10-2004-x64

1

menu_ru.htm

windows7-x64

1

menu_ru.htm

windows10-2004-x64

1

uninstall.exe

windows7-x64

7

uninstall.exe

windows10-2004-x64

7

wit4ie.dll

windows7-x64

6

wit4ie.dll

windows10-2004-x64

6

witapi.js

windows7-x64

3

witapi.js

windows10-2004-x64

3

witmain.js

windows7-x64

3

witmain.js

windows10-2004-x64

3

$PLUGINSDI...s.html

windows7-x64

1

$PLUGINSDI...s.html

windows10-2004-x64

1

$PLUGINSDI...n.html

windows7-x64

1

$PLUGINSDI...n.html

windows10-2004-x64

1

$PLUGINSDI...l.html

windows7-x64

1

$PLUGINSDI...l.html

windows10-2004-x64

1

$PLUGINSDI...Ex.dll

windows7-x64

3

$PLUGINSDI...Ex.dll

windows10-2004-x64

3

$PLUGINSDI...l.html

windows7-x64

1

$PLUGINSDI...l.html

windows10-2004-x64

1

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

1

$PLUGINSDI...ss.dll

windows10-2004-x64

1

$PLUGINSDI...r.html

windows7-x64

1

$PLUGINSDI...r.html

windows10-2004-x64

1

Analysis

  • max time kernel
    93s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-07-2024 05:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/ChameleonTomIE.exe

  • Size

    185KB

  • MD5

    6ac6f46f4202ae21f46fd0068a962d3e

  • SHA1

    9e286b8f0f87df399f7a386c672d8d1473620b73

  • SHA256

    db11bb695712303ff8c9d0abe08810bdd0b046794c26f342f22706e24446442b

  • SHA512

    fb5906550c6de64b23deed80761ac7edc2bd0ee925656556dcd105aaeff3ebcc79cce849c70b8499ceae3f5be244e8dd0ea3cc6a12caa79e4e44243a57f3b3f0

  • SSDEEP

    3072:F85FnEA0PNdJl45vHHtJICAohuq4sINZGMqEcyi5/rNB8iYUjt8A47:FgFEN9IHNuCAAunnG1RxLW7

Score
7/10
adwarestealer

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in Program Files directory 9 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 9 IoCs
    adwarespyware
  • Modifies registry class 50 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ChameleonTomIE.exe
    "C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ChameleonTomIE.exe"
    1⤵
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in Program Files directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    PID:808

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\ChameleonTom\wit4ie.dll
    Filesize

    210KB

    MD5

    6b4513d6395fc100d3bf98f3428286f2

    SHA1

    321ae2a5298f79c6f27ef99c4a4c913c4284d31f

    SHA256

    ac3f100228ea22017c2bf09796a046bbd3710cc3fa843b5ebc46a94d9d9bd2b0

    SHA512

    14a7b9ad09b45c6b5c13246dbedcf0915468dce26ced5851fe7d09c495812ae3cccee51d9716ef76e8a22423b32f31cc489f644dd904bafead257dea0618c9f2

    Download Submit