Overview

overview

7

Static

static

3

eaba786cd4...18.exe

windows7-x64

7

eaba786cd4...18.exe

windows10-2004-x64

7

$PLUGINSDI...os.dll

windows7-x64

3

$PLUGINSDI...os.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$TEMPImg/I...er.exe

windows7-x64

7

$TEMPImg/I...er.exe

windows10-2004-x64

7

$PLUGINSDI...os.dll

windows7-x64

3

$PLUGINSDI...os.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$TEMPImg/A....0.exe

windows7-x64

7

$TEMPImg/A....0.exe

windows10-2004-x64

7

$TEMPImg/FVM.exe

windows7-x64

7

$TEMPImg/FVM.exe

windows10-2004-x64

7

$TEMPImg/P...ar.exe

windows7-x64

7

$TEMPImg/P...ar.exe

windows10-2004-x64

7

$PLUGINSDI...up.dll

windows7-x64

3

$PLUGINSDI...up.dll

windows10-2004-x64

3

$PLUGINSDI...ad.dll

windows7-x64

3

$PLUGINSDI...ad.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...se.dll

windows7-x64

3

$PLUGINSDI...se.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19-09-2024 06:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMPImg/PazeraToolbar.exe

  • Size

    2.8MB

  • MD5

    4d14c69f86a74fc25ad116c38f8f05f9

  • SHA1

    bf8399d5f22aec7e4db7b4c385591ed5d42e71d0

  • SHA256

    db3119182761d71fe962e662aaff8aba64121130f3f1d39ac548020f26deec77

  • SHA512

    2f4acf84eb9e588ebe7a1c4731a472c0664f280982f90ec104c04021fbf6e9fc1c4708ce639fb1433ea014954ed24cd79fa94a5d3617e13b8b2e2058cac7a4dc

  • SSDEEP

    49152:qKmU/FmbvQyw+Lx8GtekgJV2cEraOdDJLQDwydRm0qw9d/YDTn3UOesiX9iYvmEd:JmUoU+LSGtYJVqraOb5yds0tf0EOevXT

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$TEMPImg\PazeraToolbar.exe
    "C:\Users\Admin\AppData\Local\Temp\$TEMPImg\PazeraToolbar.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious behavior: GetForegroundWindowSpam
    PID:2612

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nstA796.tmp\ioSpecial.ini
    Filesize

    696B

    MD5

    7c63a60fd36fa950fda20ff1b04d8acd

    SHA1

    0c093c46b1b6f1db8cabdf3500f259f97b5eaf90

    SHA256

    8d5517d24a86eafb3bcd50f3bdede17638b317e5473cb87c3bb1bb4122718f60

    SHA512

    16b99a80d07fe508a8ac4d72a63438dcacad10672d112cb5470b243b14df3e96a60ca8603a17fbb479ac6512eacad47305ff2b961d0bd1b4e8185e8283f5cd35

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nstA796.tmp\ioSpecial.ini
    Filesize

    735B

    MD5

    c3f76a06fe4316d0485429dd99f3e369

    SHA1

    6ef8b73676da5b5ee8030fa999181b0923bfdb47

    SHA256

    09e1e5a180020ea704b22adf45eaaac4755d4504c13331cde7509c3390f0de9f

    SHA512

    8166b119c0fd9a656ed7d660ff12d1ff200e7a34a386bf9efd264d2ed9b58f75b7ffdeb2c36c2554b7a58b43d00c316a32841a9a9e3faa6fc9768da12161b81d

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstA796.tmp\InstallOptions.dll
    Filesize

    12KB

    MD5

    1d5c649dde35003a618b9679d5d71b92

    SHA1

    0409bbab3ab34f8c01289cdd847b4d1a32d05b18

    SHA256

    0f4d3cee24e3f310fa804983c931d3628613988a24f0be7854f63a9309b8e45f

    SHA512

    b432ebcc52905662d61a3f17e08e209a3f9d836a9071b3b5e80070af7ebcf34cf66c44426dda041c2a258fda4787e5692e2b35acbcd73288fb84fe3c977bbfd9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstA796.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    eaf5036ef8e7fbdfa76d42c18233764f

    SHA1

    acd9f46c0500b00648933c4a172ef258ec64a1f3

    SHA256

    74a4283da525512b7fa14d40cafd905e63a8c2a3c9faca4d0605ad71f1a05a7d

    SHA512

    93d3e698c5d40f28c9d899f95f5b8ae60eceb8e96e57000ed458b9bffadcc98616aeadd4d6b930f3f91bd2a822681ef284dfc0eda6ae776ba1b7cc6ff87704ef

    Download Submit