Overview

overview

7

Static

static

3

0ea029ddc6...18.exe

windows7-x64

7

0ea029ddc6...18.exe

windows10-2004-x64

7

$PLUGINSDI...os.dll

windows7-x64

3

$PLUGINSDI...os.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$TEMPImg/I...er.exe

windows7-x64

7

$TEMPImg/I...er.exe

windows10-2004-x64

7

$PLUGINSDI...os.dll

windows7-x64

3

$PLUGINSDI...os.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$TEMPImg/A....0.exe

windows7-x64

7

$TEMPImg/A....0.exe

windows10-2004-x64

7

$TEMPImg/FVM.exe

windows7-x64

7

$TEMPImg/FVM.exe

windows10-2004-x64

7

$TEMPImg/P...ar.exe

windows7-x64

7

$TEMPImg/P...ar.exe

windows10-2004-x64

7

$PLUGINSDI...up.dll

windows7-x64

3

$PLUGINSDI...up.dll

windows10-2004-x64

3

$PLUGINSDI...ad.dll

windows7-x64

3

$PLUGINSDI...ad.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...se.dll

windows7-x64

3

$PLUGINSDI...se.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/10/2024, 07:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMPImg/PazeraToolbar.exe

  • Size

    2.8MB

  • MD5

    4d14c69f86a74fc25ad116c38f8f05f9

  • SHA1

    bf8399d5f22aec7e4db7b4c385591ed5d42e71d0

  • SHA256

    db3119182761d71fe962e662aaff8aba64121130f3f1d39ac548020f26deec77

  • SHA512

    2f4acf84eb9e588ebe7a1c4731a472c0664f280982f90ec104c04021fbf6e9fc1c4708ce639fb1433ea014954ed24cd79fa94a5d3617e13b8b2e2058cac7a4dc

  • SSDEEP

    49152:qKmU/FmbvQyw+Lx8GtekgJV2cEraOdDJLQDwydRm0qw9d/YDTn3UOesiX9iYvmEd:JmUoU+LSGtYJVqraOb5yds0tf0EOevXT

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware

Processes

  • C:\Users\Admin\AppData\Local\Temp\$TEMPImg\PazeraToolbar.exe
    "C:\Users\Admin\AppData\Local\Temp\$TEMPImg\PazeraToolbar.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    PID:740

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsh71C6.tmp\InstallOptions.dll
    Filesize

    12KB

    MD5

    1d5c649dde35003a618b9679d5d71b92

    SHA1

    0409bbab3ab34f8c01289cdd847b4d1a32d05b18

    SHA256

    0f4d3cee24e3f310fa804983c931d3628613988a24f0be7854f63a9309b8e45f

    SHA512

    b432ebcc52905662d61a3f17e08e209a3f9d836a9071b3b5e80070af7ebcf34cf66c44426dda041c2a258fda4787e5692e2b35acbcd73288fb84fe3c977bbfd9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsh71C6.tmp\ScrollLicense.dll
    Filesize

    58KB

    MD5

    9de28704babdcf38f423c36eae737e17

    SHA1

    dd7f7b03430bbc9d568c6ea31de88fc281c3eec3

    SHA256

    d81d764e13b8e7a7ede9964f118d2de44b13c39c442527c0ffa11ed25cac5014

    SHA512

    74e0b8b2cbf2de7ffde19e31567976e4c59fc68df351621acee5b0f00734fe7cb95f29fc822313f58ab9cf5f2822763d6021643e088fa6a37bf6d4672f6cbeea

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsh71C6.tmp\UserInfo.dll
    Filesize

    4KB

    MD5

    eaf5036ef8e7fbdfa76d42c18233764f

    SHA1

    acd9f46c0500b00648933c4a172ef258ec64a1f3

    SHA256

    74a4283da525512b7fa14d40cafd905e63a8c2a3c9faca4d0605ad71f1a05a7d

    SHA512

    93d3e698c5d40f28c9d899f95f5b8ae60eceb8e96e57000ed458b9bffadcc98616aeadd4d6b930f3f91bd2a822681ef284dfc0eda6ae776ba1b7cc6ff87704ef

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsh71C6.tmp\ioSpecial.ini
    Filesize

    696B

    MD5

    abbbfd3ad885899b6dcf64f5be222009

    SHA1

    56152a1abbff5f980b7ecf934f5b107f6f646200

    SHA256

    d40355b808d1a43d1d29d2325495d9fbca9bb8b8dbaf12d59b4eea8b850e84b8

    SHA512

    73ce8db1c6f01acae2e43b92967f6fabd805e9fef68032260837ef1a68a168725e339b7caa4859667d3e76fc882e4edcef2f5ab5a4a05b3e8bbd9ae32295df43

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsh71C6.tmp\options.ini
    Filesize

    1KB

    MD5

    d0c1fe1203bc8efa9d0588d82dc7a38f

    SHA1

    384b3e295f0d19e7898adfc7cccd5abe28756d75

    SHA256

    6c0769d520ab6394290dd4e03b181a9775b045d58104c505b0775ba1369b464f

    SHA512

    30e46003f2c825d7854c87d49bc36cf34a49eeced209533ebe90690ebe4b74e6618189071b0a412ee561d7f8f9375da945f45dc51c09cb4a32ddd54af2b51162

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsh71C6.tmp\options.ini
    Filesize

    1KB

    MD5

    071be0c920e04c9833399f1c59721a2a

    SHA1

    d87f42dedb90c41da66f2d8eb3c015de52d445bf

    SHA256

    76951e549777baeba529d841300491e8561ab93eca011ce3b3819a4742f0a27b

    SHA512

    1d1cf270b67b1027c81bdc8a8cf1990aeecc18cc2f57be34b0f44435b741cba4efe6cfd3c2cc0547ab2ba643ee37ee96b3962222b425b3b79733b5913c6c952c

    Download Submit