Overview

overview

7

Static

static

3

0837f77cd9...18.exe

windows7-x64

7

0837f77cd9...18.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SYSDIR/$S...4_.exe

windows7-x64

7

$SYSDIR/$S...4_.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$TEMP/$_8_.dll

windows7-x64

6

$TEMP/$_8_.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    117s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    02-10-2024 01:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMP/$_8_.dll

  • Size

    384KB

  • MD5

    b1ec8da5c45bcfb9f68854e3e83e1ecc

  • SHA1

    e076fa98e7e97522469080b4114575d0a1333cd7

  • SHA256

    45488d93188bb7d4b5f48d9a979dedb88a4bfe14e78cda86036fd3aac07f7cfb

  • SHA512

    e4f529d36490f224178ae22b8524557e3d842f824406531e6d11ade40c8b955fca7214d9d1ee165b365df8794bc7a5a074fca378129566ff741b02bed1e48d25

  • SSDEEP

    6144:gSGH6q5r5ujKSGSLNwHPVbMDnWzvzaJfde2WdJnN9OHDe7:iH6SaKQSH58WzvzaJfde2WTbADe7

Score
6/10
adwarediscoverypersistencestealer

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\$TEMP\$_8_.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2932
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\$TEMP\$_8_.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:3020
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2308
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2308 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2904

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c53f7b64bc57f9d76417c9ddecf22071

    SHA1

    4926cc2ea37bea70b778f72c135567256265b01b

    SHA256

    06366a1652a385a8f7a7681e780eeeb7e2102f6f1a0f39e92d2e1c26e6044c4d

    SHA512

    d468f7cd1ee0cdb4575ecf2e7c63987b81cd4f087687976de3ede2603da940fd3496b93d4793372aa818ef9ecb28e0d7eb14b6615451125c62524a29aee6e36d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bc84eb98ec5f4b464bd6d16461a9eb64

    SHA1

    6aebd90e63194e72b98fa7f3b709e258bab11d7b

    SHA256

    9fc96bc5141d573ce517c5bdcc24c9a3eb4c4fabe03559906cbd848158883460

    SHA512

    2ca03604dc27c746c39dca880a3fea813ababdd2acfd6e1eea03103beea76fd53ccb74a4e65ffe345120d565892b7df53830775d6255bab277e7bdac03c9bdc9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9fec0f2a312ecdcc1a54c33c3c74d593

    SHA1

    c5f78be7adf5e1bde4ef7b5c2962a4e36e71905c

    SHA256

    e72427ac858247caa5dc5151b319011ffdaefaa52e0db570231ea2a126cf8cfe

    SHA512

    e24f7472b16b77f4454e96ee9029648636a11836952de8558a06296d99861f24d32c7c1b3695029272ea65fa65997f881e8de9888f9d22a00ef17d6f92767057

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5b1ceffaa37199be3e848e5f46cf4e1d

    SHA1

    4829124697b315b0258bd0237a64933b91025ec9

    SHA256

    87e48d5eef1238d7ee657291df723a5f36d30c4f8a2b12839ca9e7db74e57182

    SHA512

    0926c24c1a16e79c82fb42a888d1244ab40027695bc43786e52710b0a81e29f962b1849e9e3de6d1b5a56d79a8ee7c75cb5d0a9e24d1be5de489e5df9de9e0ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6c815f171c6dc7518cd7146db477f04f

    SHA1

    eb42c8c82c74ee83ddcb1a9c7eace7697bb7f9cd

    SHA256

    67c273e91bcfea6953a5e7db44e1bd4c77641c72eb42f447ea0f01ee28da9d9e

    SHA512

    fda26d1e7cc66b9f56a3bc2d5fa8076e5f991ea0e3492f44d5d3a079512795ecf2075d5aede33fe72b9f8e46c9f20d0aadee92465ed52a84218a9ba88cfe938c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    da82d08e7a9ada6c890ec82603e0a5d9

    SHA1

    20a30ead7db79ee0304bf06c8ef3338a9f25bc70

    SHA256

    d8f143195e90bc5c29ca8cde1f0f05611c065984268a29592704ccc570f37ee9

    SHA512

    50a708b922c21b04aee2301789e063d0adc60d0669a9392828e97a03beb6f358479bc0184a98f23a112b56a4b03ffdaa51e2652249001c96a5e3e9c88999eaf0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2e0425db7709a5894f3ed2071b121107

    SHA1

    78524d395b365944612cf5dd4a08cc99d4027938

    SHA256

    82eaea3424769bc77d74dd875daf030cd05e364848156b8532680a246428928e

    SHA512

    866bd1e849010563c6216e471fc79f95e2e0d13c846e15e5f15a29493eb01e1c71f013e4e9c3fda7b3248ec24a04e10f2b29a2f950303cac6351dce1ecf20d93

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5499253335bd2258d4ee551467fcf140

    SHA1

    acf66ec97a58e7fd77a76506d61ff344ed31e532

    SHA256

    939a02c276ff210b5d228ae72cd42ebb81a0aab67d07489ca338ae90eed25f9f

    SHA512

    803d470c447a66de0835a9c80a8136ce4a65ffbdd71e776359b0929413e79ebae1744c711fde199d3604f81ac6bc3a4a835b3a3176134c057b3b6ca650de4efc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe1e35c92e26ab3b26d3f3f7f04581e9

    SHA1

    5bd960eef8a04d7d3e862a0ca3a2e59b90a2da9a

    SHA256

    42d414e2abfd108fb0bf623e51e3f0cf6ad5d44a41db8053618effec1915e6eb

    SHA512

    875267bbe02e53f9c9b767925793cf663cd4eaa8c4f24961404ef82bedf8330b88fbab921771f8d11af6f2657ef3b26ae981fe02b5e1406da62f56171d7a0c9f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2e559ac2fb5d615900e6bf39f47e9158

    SHA1

    ca369438da20c368ceccb52060f5f550e414743e

    SHA256

    6c8b384381fec1e15c0e3761b108bd60ec6cc61d6353430ce788f223ca127ab9

    SHA512

    2f8aa2fd97e4a3192637ab7cf6aa3493403eb13c7edc3081b24631bcc646f75e17c17302f07969839e4df0a27f485cd6a9904c38f974030496d4c8f323af090e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    924e1227a9248fce371b7aa64e8a0d4c

    SHA1

    4a87d6f6e21f191a861f71c4ffaf52b82bbf9cde

    SHA256

    592e818908b1485e9fd799e6747204267bec0a62b0e6c7475778870708078715

    SHA512

    06f028fcb3da3cfa144f81466ced0b2e2be75465489b0f65069039ff9b80f998c283dbd1d5845691bdf5a2c3a63fb3afc057acb474eebaced58902580e36230e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ae0aea21a2d76c196c7352d923b452f

    SHA1

    e5db9c2c431019e570e8091fae3ddd103407715c

    SHA256

    e48495de4562de7e7b900ae448fece18f029a5125b0ea1e7983f9fe519d005ca

    SHA512

    ba601de13db884e2ced9d6224f8a6d34081b13ac6ad30acccd9f6f98fd94cabb7e990025965482f375bcfa77b8ec2a391a2263da1a7d194ac61be3f043a253dc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1cdcc862fdd867a20309ee9baa7768a7

    SHA1

    dcbb52e1cb6249bb0055c2365c5315da6989c328

    SHA256

    7b3b86f27a839cab55506da3efc5df86bbf4542f80adf9a9ed97e05fb0d511fb

    SHA512

    8be8ed32ece4d76c2ff54a0dbf5dca8f27d368137b5578d7397e33c6be2ccc794053a92aeade0355fc52931543cf9ed2b620eb33331b45957317c72751668931

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b741c8e7c7b405c69f6222bfc5c98b47

    SHA1

    17a7526fd9c58b90374f984499c4cf0f7e4b09ee

    SHA256

    1e998e860eda13660b14821e1b162b443fd79b654fcf7464a8d1c66338ee9115

    SHA512

    3d6c3fad44ba7efc323cae9fa427f9450138d271396d79109abe3a518880bbd630eef67af18a05bc42e819a779674a7cb5af80b9e952c4af3f12663323227112

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d0ce20d8ece938d128c031699da85339

    SHA1

    ae7e7e76da4437b7605545eca8506c9886c6e20b

    SHA256

    30bb418befd0762c8897dbe7328b097e2b4f52b1bc879d3473f8b47275dc94cc

    SHA512

    a496150ef6fd045b67a1fe07d8dbb80250689ad402567c1f2dd040f41091ec849dd3a292e88da3f01919ad377a347465bb50a8eb7454c472564a0c248b7a60a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fdb86a1eff023ded0ce7d671178456ee

    SHA1

    7a97414ee2358fa96b9899abff4df392c99af462

    SHA256

    1c249b03221f0db8a166ca20193fb18b602f747220e1d808ac09d024393dabf9

    SHA512

    e7c32544188fe98de0300116ae31c179ff6d095bacf15a57b05582bc2cf619e6cbd0c4ad829b722e1046508f0c445ee4cd756d0c35bf236180562799fb4aa8c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eb4d3585f62da186ee8eedde54c114c9

    SHA1

    f320eb80fd0761e282b51d81f98f51a9e5310e4f

    SHA256

    a825a3dd07f5c93cc7c529ca0e8f3ea8c1d3da4b46e23089a087c1bbbd001811

    SHA512

    0980ccffac4e535c19cea7e08cac15ed68a21a375e4e99d6d823733f26d39dc8bfd11e5ea3aec7545d4b95c381f7ec9f3e828ca0c833f2a0b31b33903d2f3d9c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    12f218be114a3bd3b9b825ab38b90a25

    SHA1

    fbb416e75a3da0099f432e290980355f83a55fa3

    SHA256

    9d7c9046f3728ec222d0c627de650d93d01c998fb3f1683cd3929def6ced1a1c

    SHA512

    aed0c5c6063093173442bc82aace64dc301129739e7a3509af3d9ad933a3b23bfbb5ee06bc121181afb18f16012dcbafffc639fc690f04c9eca099fdcb0790bc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab906E.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar90FF.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/3020-0-0x0000000000530000-0x0000000000532000-memory.dmp

    Filesize

    8KB

    Download