Overview

overview

7

Static

static

3

18140aec9d...18.exe

windows7-x64

7

18140aec9d...18.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SYSDIR/$S...4_.exe

windows7-x64

7

$SYSDIR/$S...4_.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$TEMP/$_8_.dll

windows7-x64

6

$TEMP/$_8_.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    117s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    06/10/2024, 12:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMP/$_8_.dll

  • Size

    491KB

  • MD5

    0406b86752c4fea2a84260aa45bbde5a

  • SHA1

    5bafc79b20192b8ac9820412863536c0b410cb81

  • SHA256

    c0c293214cf2fc3e43a356dc0d14e9483e767a6271781da4e4a352f195ff6a1a

  • SHA512

    03ac3bb6fcdcd582a44917033719218c1c3709b7b2f019ce24ae1ea8926d3f7dd73570d80c0399ff5b08e8dc5cbebe13a091babe87ee04e6ffd93a649cfda68b

  • SSDEEP

    12288:62SmnPOmDlanyPt26U81o8ucrfUkeLOz:PS6Fkl78ucrfUja

Score
6/10
adwarediscoverypersistencestealer

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\$TEMP\$_8_.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\$TEMP\$_8_.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:2076
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2752
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2752 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2948

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9d7be3392f5da48cadf15c53da4c655e

    SHA1

    8c32f10eff8144bf005d575bb5901fc9c1f4c89b

    SHA256

    e36fd37946282911d0abffd3e57c546d2da97886a727a1626ebac4e297ab27a4

    SHA512

    5ca58a9cee6a2ccbcda68e6ad1936ed8a2d37c08068a59cbc7922a0e7122221e67fdae7dd9bda01c5e23bb6fd93c0ef90b9e1320a47b4802a5c8d2631482e448

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ccd0cd38c11d9e79c7dee58b949a3e38

    SHA1

    4e50d001506099530dce9629b0df8724244ad60c

    SHA256

    dd45cd0fd0212dce030138fe4fb4e8c00eb00438c9543fb17361e8862c52e492

    SHA512

    c256441e1b2477ce30e0d28dcb2993bfc6103d661b6ac82dabb5a72866a22f4d2cf9706a8ad93a86c4ca0046d0485025c313ca4319a60935c5d83fa5e265e297

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    881a5472be8eb5ab0824587713bb1410

    SHA1

    1488331ec8705c61ded27012cca1909dcf6a46cd

    SHA256

    4e0eb0b96a30ad31a7b9aede8219b20a9d9ec37c566481ad5087a81a1cff2c90

    SHA512

    5c77e330d16c6337b89107f8788e4554910eb18af7b9b042a83bc3736f6ad6cbc2bf717e3ef6542216422c17ee79bb6b2c2a4c3c7c5a0081c090334be3caeb2f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8c890f71d6d26c0fa61da39874798458

    SHA1

    bef7bdb33a71190ec4a2a01f399edb646708cd66

    SHA256

    a15804af2be42f48dc2bcf5bae182bdca02f70adafa4270f9d81a874db7b256b

    SHA512

    7c9ac78f551c84e0761b96302be53263492f06c7ce000d048dcf0887e274b7dac18cb92e504885283163dcc4ea9f2383f48955b18010b5f1c1460c8930b79cd5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3c6be10c0d719f63ece12992c0f6d2e6

    SHA1

    969c8d2c8f03946b46d9c22d9c04d4cf8f5ba702

    SHA256

    9142987bd1b427360aa2165c1f093b663aab9c770fbe6e5294657255d649703d

    SHA512

    1aac3c6a879e660652ba0955b73eaa24e19fac51384cdc573919de494a3a4a415e13f2cce4b11d641be332dae68c313668d23c1c26798a7171019766cb8fec8f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    196f53886f5e9d970ad51aac41270fbd

    SHA1

    232a98d3d03c5571401f97e7efaa175cb6d9d5d4

    SHA256

    06e06298553d04f43f0488d1d1b36893781ca229a7bf0ec02d5c2f57222ae8c2

    SHA512

    520cbc4e6d8a2f753a0ab5f8a2c9d67bfc358a0de3c469ef8ddf90fb02e0d8d977a95c28a5d7b2ec12e43d138708784a9438ecda71ca48bac142883c52207503

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7083f28922481ffe1383f9fcb9ffa483

    SHA1

    a5b5c26e141c724b1b0208f295244d2676d8bb9e

    SHA256

    21196e34c286077e0fb4a2e913d65dd9e5f40934e93581c1b9197016ace9a525

    SHA512

    1b86827efaf0f4e7f786acf74d2d058e9ac92481c2bf8216c568723e891f563eba429d44c73773e870c8833ae5dcb2eb38e0b91ceca40f61cd4b49fe51dce5a5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    001220dba95b559b8c6527792dfb3ed1

    SHA1

    6ddf6e71b05b9140f30d89a3683481f982fa9c0b

    SHA256

    b2bec84d7ba292d8707f777bd821d566bc26125c0477d32bd95265338abfb7ac

    SHA512

    94dca3fde4d4167b3618a8f7d8d43893cfdacd197ab1dbf30b758abfbc16214ebf2d414c49a96cde6953d96d9c93be1f4142b85e059fc017d2d3debb44d56383

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28a87c4e57589f4c5070cad8bab4f78b

    SHA1

    7b0692af28e5a823bb55bbd2d5595b144e717ad2

    SHA256

    a38690d79cce550714b149d4abbfe609ae37d10604c69a134d3e193eb7413565

    SHA512

    1b28b66a5dfdfc813165bed678ef179fae027f3f5467762e16eb073c587d8541e432be209ef6b1e34d88a36bf5b4f922e71f38519b6c5614b34cdfc886d2597e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    44ec94d7a0d89e3dfd6beb3189939322

    SHA1

    64abb6f250a861c7af3ec28a7216f678e0e7d8b4

    SHA256

    0c2d054a109dba231961c94e33d59f677c97936de22e6e9340e06967910b7021

    SHA512

    2ec2d91f6d5b83e63e47fe02c74d57bfd528b466f41256fda66f6b5bedfcbee2bac70ea500f1409d82c09bdd3db86e1f5afdab897e29d982b514cb9dd1fa27f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e4212da71b9eb0b1e2a74b3a1e6f58e0

    SHA1

    e77f36e8465a7bb1f754d4f1aa0f25a0571b2837

    SHA256

    5fbd363452e229e34c6744c1b4a299bdc1cf0c703337f0343c4cc52c591b44ba

    SHA512

    c770ed9a1fd936548f5935ea90b8ca4041720ed29e77a875f5fdc85ed1affd508ad99e6165ad5fe9cde72ada03dc047132891ec0b288d38add187c5cd02b75f3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46ef85fab8ed30acf0b310f9d8e8e729

    SHA1

    ebe6fe3bbac857cab1e540887e2361a001507da4

    SHA256

    e3af2502fa1d602359588fe416a1a4d9ecdf616fb669c7af074383147d90ed4a

    SHA512

    05d5fe0c486a5a305db80f0c68750c5e97fed77ef4fd4fe9644398540bf029094bb425455759bc8ad4482fd502e162b0b61edb2e9d4f25962af84f864865b1d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ee44c44f5490c6a9e72b7386293b0f4

    SHA1

    73765288079aad7c5f78f31efb18c182c3af9879

    SHA256

    aef61d91be863ad4fb1735e5b4f6ac6a86c450d04b095e6ce52087f4b6bb2f1e

    SHA512

    3749c91dbf3768b2b8d9864abaac937ccb70ed8f507237d3fa0c8df86ab72f8b1d492d9c45b3cb94574e8401590d6e2a30fcf2e526f85329e34c2c0e4ec2c64f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f89f490e6879bebbdaf20eedcd211c7b

    SHA1

    1d2832cd7c8eb5896dde24bbd8e486f1e73cf508

    SHA256

    4a343ac599db406a3b4eb8963a4efb38ab2b503de0a41b7a773634e1a3dc4540

    SHA512

    a5cc55b41633cf111fec787cac1fec5ee315694d0681b2af4ab108df6b8216c0b1a9976c61f36b3aea7786adedaa5e1ccca312242cbc40382982dd1c511d7a2c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b6763c5ec0a5afce164fb8d774870ac

    SHA1

    405a79c71946a8f31b7db74f92d24227d8b8e885

    SHA256

    e01b413318002ba1be8f692bc50bec67e9b5d7ed61f8a908a2890304b7a938d1

    SHA512

    5ff6ccd421b61b7512b2981dae880cf5b2989b7a0605e7dce40cb495ac60b3754a62f8eb3f354552c537eab00ee39fa9dba72cccafd8d1b8bb37d86ee33b191e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab1FA4.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2005.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2076-0-0x0000000000720000-0x0000000000722000-memory.dmp

    Filesize

    8KB

    Download