Overview

overview

10

Static

static

3

337f603c8b...18.exe

windows7-x64

10

337f603c8b...18.exe

windows10-2004-x64

10

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$TEMP/setup.exe

windows7-x64

10

$TEMP/setup.exe

windows10-2004-x64

10

$TEMP/sys.exe

windows7-x64

7

$TEMP/sys.exe

windows10-2004-x64

7

$PLUGINSDIR/Math.dll

windows7-x64

3

$PLUGINSDIR/Math.dll

windows10-2004-x64

3

$PLUGINSDI...es.dll

windows7-x64

3

$PLUGINSDI...es.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$R1.dll

windows7-x64

6

$R1.dll

windows10-2004-x64

6

$TEMP/tcpsrvc.exe

windows7-x64

7

$TEMP/tcpsrvc.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SYSDIR/$S...1_.exe

windows7-x64

7

$SYSDIR/$S...1_.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$SYSDIR/$_5_.dll

windows7-x64

6

$SYSDIR/$_5_.dll

windows10-2004-x64

6

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11-10-2024 05:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMP/sys.exe

  • Size

    1.9MB

  • MD5

    361afb77460382b303ff0feab78b65c7

  • SHA1

    e3b44a60f2bb4998399252cc36d3e65dc80deef1

  • SHA256

    2063d5933ad5f7789082e04d6209032c4f85ef495f06b9de3f41546f0fde6de8

  • SHA512

    b81233d5d15884158ec99a64ecfd9239906d67bf149282f87e458718a9eb8ae71b8c00cbe5e6d289b48ab5ac0ff7d1f061bb1caff67d93dfcf9c1a387726615b

  • SSDEEP

    49152:4alHayFPW9MgP6WaxFn6HIIGpTIqiqvspY9c:jFPW6gPxaFn6HIIsBPvspd

Score
7/10
adwarediscoveryspywarestealer

Malware Config

Signatures

  • Loads dropped DLL 8 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 1 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$TEMP\sys.exe
    "C:\Users\Admin\AppData\Local\Temp\$TEMP\sys.exe"
    1⤵
    • Loads dropped DLL
    • Installs/modifies Browser Helper Object
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer Protected Mode
    • Modifies Internet Explorer Protected Mode Banner
    • Modifies Internet Explorer settings
    • Modifies registry class
    PID:1388

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nssF231.tmp\Math.dll
    Filesize

    66KB

    MD5

    b140459077c7c39be4bef249c2f84535

    SHA1

    c56498241c2ddafb01961596da16d08d1b11cd35

    SHA256

    0598f7d83db44929b7170c1285457b52b4281185f63ced102e709bf065f10d67

    SHA512

    fbcb19a951d96a216d73b6b3e005338bbb6e11332c6cc8c3f179ccd420b4db0e5682dc4245bd120dcb67bc70960eab368e74c68c7c165a485a12a7d0d8a00328

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nssF231.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nssF231.tmp\UAC.dll
    Filesize

    17KB

    MD5

    88ad3fd90fc52ac3ee0441a38400a384

    SHA1

    08bc9e1f5951b54126b5c3c769e3eaed42f3d10b

    SHA256

    e58884695378cf02715373928bb8ade270baf03144369463f505c3b3808cbc42

    SHA512

    359496f571e6fa2ec4c5ab5bd1d35d1330586f624228713ae55c65a69e07d8623022ef54337c22c3aab558a9b74d9977c8436f5fea4194899d9ef3ffd74e7dbb

    Download Submit

  • C:\Windows\SysWOW64\89f72d32.dll
    Filesize

    2.5MB

    MD5

    81dd5db35b7311d7e86ad64bb21946c0

    SHA1

    936997fb386f9d482715dd5747cace7ce94fcdea

    SHA256

    0b87c091f55d456fcf375cfd93cdd4fac981537c53fe06bba20db4d37f624aa2

    SHA512

    014f93810a96d99b7b3710366acdd8c869c152940bcfd4b6764ec12a69dd36d874bcac544f62279dd35054cd21c99cdc90dd00c74153be23f5e39100f19958d7

    Download Submit

  • memory/1388-19-0x00000000023F0000-0x000000000240A000-memory.dmp

    Filesize

    104KB

    Download