Overview

overview

10

Static

static

3

337f603c8b...18.exe

windows7-x64

10

337f603c8b...18.exe

windows10-2004-x64

10

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$TEMP/setup.exe

windows7-x64

10

$TEMP/setup.exe

windows10-2004-x64

10

$TEMP/sys.exe

windows7-x64

7

$TEMP/sys.exe

windows10-2004-x64

7

$PLUGINSDIR/Math.dll

windows7-x64

3

$PLUGINSDIR/Math.dll

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$R1.dll

windows7-x64

6

$R1.dll

windows10-2004-x64

6

$TEMP/tcpsrvc.exe

windows7-x64

7

$TEMP/tcpsrvc.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SYSDIR/$S...1_.exe

windows7-x64

7

$SYSDIR/$S...1_.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SYSDIR/$_5_.dll

windows7-x64

6

$SYSDIR/$_5_.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    136s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    11-10-2024 05:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $SYSDIR/$_5_.dll

  • Size

    604KB

  • MD5

    b8b303dbcda489ce392dd78b9c3088ae

  • SHA1

    5fbb5dc212a26c8d995d9fc70aaed84972c81378

  • SHA256

    6fc9b661c0be1f1c29943c41125ed6e883576f2714bc9c4738a1098850f5bbde

  • SHA512

    551745e3bdf647fcf0c8e0b9d92cb691c0d011382c9867c0d575221cec5c669277d79467d751b37269c5e61d31a9485d9a21c5015db0663b4c9a3639ced96b03

  • SSDEEP

    12288:bpFAxUbm+/1uMiaqGvBmNM2YOjYdE8MZV58A8+ic6Z8yv7:GUbm+d8adm21XSfZUc6ZX

Score
6/10
adwarediscoverypersistencestealer

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Maps connected drives based on registry 3 TTPs 3 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\$SYSDIR\$_5_.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\$SYSDIR\$_5_.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • Maps connected drives based on registry
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:1600
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2588
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2612

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    666ad10ef8a74b2aac947b22e229f8c0

    SHA1

    0a8cdafe3cfbe37fff2dc84ba24afcd79aadadd1

    SHA256

    c7f8a83cec8ad455a150e1b4f6efb20e706fbcab9e6144ba6d18546aeadae6e1

    SHA512

    49cc72748205000bb3b47790ee2defd5fb92d1d76d1c1860f45cf8482ad3b5723165d9562c1dd861c7ba3cb418958346e7826ce2e32bcff7c5c2fc5cef609ca2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b4afb0ae838f02a5139a102733eb71fa

    SHA1

    b47c153408b19e542070a0cf1ff82e05f1b90b18

    SHA256

    90b1bf1a2311149721514c9b6ea5b0ec4d490b4c03ca3ea08aabf942f0afcf8d

    SHA512

    0e32672b0ad42ccbd68dd49b1c381f5680decfd5d373b151ebc8bb96107ee2ce6c01d121c9be1ea2470046bdf0d08354dd575a593cdc9ba18eb98142c9d868d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7a990ffe719bfe2d327476491e13ec69

    SHA1

    06c9ba785eea126030ba3c61453cb7ae5c402094

    SHA256

    0fc4265b40dd209548cd856c42073704552026c3b4e881062a887a90675ddc6e

    SHA512

    6e9e4abbffb32933913fab71a3be8ac740d1d57a71a69adc7f8fd973ba637b676db77c4636c37c9d53f9f0fef203059b9530a113e2bf20137bea16dd1958a578

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    762b0558571fb9c34d0a44934f3ed5b1

    SHA1

    94612037bc307254856abdea51f6d5d92228ce51

    SHA256

    b5d866394eecd244d935145da47d35c0734009bbf6f72f7cff834ae7b4ca32ef

    SHA512

    a4af1c4e51c3a68897b61c7602864f0f3f5390f33d2568811d5a5af57742ad5b0d4d71e27250c0cfa42b0893019ba0e4031980beb59875076674945082ecafbf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5463464ed4d0175047ed48f0807d298a

    SHA1

    116c59cfb53ec936198dbc57137128718e55774a

    SHA256

    e8c99ceabce2fb03491ecf468d807001ce0024f61b8911109d36f0e9a73c8245

    SHA512

    0138aac5b2fb64c61dcdbb54fd48942d83e3046d223ebcf10e7d84c51a837852e0b7dec53b88a8c594b30ccf66bc737cb8988705df531fab1c8c39e060c92fed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3e9d5335eca6c6918d2c15e4c92507bb

    SHA1

    8143fbcb19764dacee2995551a102edfe4a28f46

    SHA256

    3d23546b41f0a953bcd58c37c47588cb8fbc40008618d83ddb08a8d16b11b34c

    SHA512

    3a137eebef9aa812266baa889cdec1507d00c53304c6fecc945257e67b93e8cd80f1916effce0a346712e90f31bef25b460e56bfb2f3e1cfe55da5e7f44cc6d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    65c6ea47fbd3e51d248c00c4b3f4b030

    SHA1

    975229cbc51387218b75892c788d1be5ed079c11

    SHA256

    6501157b74de77e81fc633815f736a59833e2fd90f05950cc033fca104bfb311

    SHA512

    e7f18a94a42da4cc6b840911fe3fe6a1d948f87437ff0ce230fab86f9e69826c7efc3015e654b3775b527f404230ac18c9b763e1d5212bbbdd9cdd1662d6f2d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c433cd02aa950f9d86d9dd7d27ac017b

    SHA1

    8c0ca1c021dc13dcdd9abd6eaf292fdfed34a995

    SHA256

    29232578340e1416aa15e1a9f71cef064ed1570ed68e997f6ed33b19e59c9cad

    SHA512

    400ed817e727b66d314e701baa5e903eb5357a1d8d8aed9a2d9e869bdb42fa69dabfe38894287d8f2a3d551e5d08207b473007abeaac04ddb969c95de61529df

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d3ff8a4a864a02c20c4e9c9d02375459

    SHA1

    73382c89e5c980944c43b0d71fa0b1400d6ca93a

    SHA256

    41e149de5451abb64e783df1b35ae82d56e3be28e2346db589b69235429aef9d

    SHA512

    8f5946686f9cc515044add33fb16bb7c638b2232ac21ff7e821f8d45cf383ae8bd022a14c357cb50a9a95e08eda5e6f0aa5bf8a200f1c29ffa81123da66cf161

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a1bf5d3791c5af7b3da74db479cb0571

    SHA1

    b1804cb08fc3282f0e4a01f72df439294d4e03c4

    SHA256

    c3d25c1096f25fc6d753d6747cf33896fdb25587d8a76284cbf19f833ccc8699

    SHA512

    ecd0781a7585be1ef8e82f727b7113bee14353d518ffda0334bc3f1bc01cf0a6dad2e3194024b0e28a39bf027333c7028add002f64dd70f6e2d010c4c6d39d86

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8be4978f0c398a6ee1f0946c94a0151a

    SHA1

    cbb529325d06e4541057d022c0be06b3e280aac7

    SHA256

    f7301675729de8692f0ec856ad9fd8436548d3b39861f99ee04fb07c85a1caa1

    SHA512

    991fe8d33c7895b85eeb6853af3854f7fc1dd5c8e03b7e79e6e94b3b40d490be3e39f3f90da133aac74f4eccaabac2b2e3207bda5986b2c78005761a6204b2c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bb2d636b4def2704785f510ee24f2c52

    SHA1

    c014b52b9ba9d49590984d752d44bbf68ef8883f

    SHA256

    9e21bce161091fe8ea1198f9b51906a3b269a255e6756aa48435495c53fe6e82

    SHA512

    25f49914087eabd294e84c0818249b75de1decf2a0db82519cdaa20a31b72adbd19201277e37265b671d00e25490fdf91e1476779910e39a85119c0d712d616d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    688177e20150a15d3790de987574323f

    SHA1

    972cc80f7e918e08539e6de6e68f685f90b90177

    SHA256

    6366808957051deca08acac558e0cf91885abb15227f9e14dcfa77cdc610f9f7

    SHA512

    883fd3d30be2327cf91d5e146d3f6c391553be5a137147dea4ae78b16dc04381b36b34b1394fc4ec8365d8e330dc9a65e37334db5fc47f192cc55bdb9b65dc01

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    52cb77fbf4cd9df636ef237cd9de8756

    SHA1

    d6bb9d88edbb15e6afebc375d7cf6145caf80b30

    SHA256

    99819ade2a617e3b2b7ce95551785806439da3b8b2aa3e178065d20ffee826e2

    SHA512

    1c05b0b3096a6fe6f50f99cf225aca88f01668b56d0d1052b7a07f7834cc84afcf3f3363b9654d0552a495f43bd0371cc7a880ca66ec50c012f656d0b8b238fb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    992189c4f6dae5f2972db37a2d8557dd

    SHA1

    9745b0cd869a49f8c06e434080b606355905563d

    SHA256

    63a1ce958f7d961d12789e046c83ae968924bee83a44424f5872aef15839b91a

    SHA512

    c55ff2758b967fe2dbd57bdc44cb9587945a95e88550e861be0f9034a6bf4973fe2becac96138ae2b53863ddfb12b4de02957598342bdbcadce80c0eba254acd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0201ad97958c95273caa94d5c31f4664

    SHA1

    e8dd5030d9582384d2ed14150124bb2ee86fbcde

    SHA256

    96fad7da1f0adc53a9cf71d57ca14ac91cd17de4808c14d2bca7525770e28411

    SHA512

    b8c66cc5a432bf70ba0f09ecf9c25fb2614449adcaa6fb61437902e2555228f9292e35a3dd2183558c5dd818c901f59960396912df063310dabecbbecf8805b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fd0a68c7ef67373f45fd4cf5a2929992

    SHA1

    256a7eb867638ba6e7741f05b4634a0efc1354ce

    SHA256

    77ac637e40d63010ccb4e6d0f324edbabd6470265dea835f6eadc80b54929976

    SHA512

    8456f3cd2cfa1485adce3448fbfc3812c642ddf4120209f16bfb2e3183ebd286187b60d8a0716c15824ef9aad204d15aeaf7ef457b788826cf2d6c2be987d450

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e855b79875b6646f226d4ed679fa48fd

    SHA1

    56f1c9d6ca562960c9a80cc84db9d88bd89ccada

    SHA256

    6005d4dbc67fd5ffe6f3715a6860908542ceac87d90842b0053dd07f00c8a225

    SHA512

    2c6cfff621ebc24772dab24a2727ef9a0764fd77976ad41662e192354a7b3881780f3c62ac3eb3929fdbe8bdcbf4a95284038e854526596a89f24f6005843eb3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE3EB.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE4AA.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1600-0-0x00000000001B0000-0x00000000001B2000-memory.dmp

    Filesize

    8KB

    Download