Analysis

  • max time kernel
    137s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/10/2024, 15:45

General

  • Target

    $SYSDIR/$_5_.dll

  • Size

    396KB

  • MD5

    053541070466b4dc0f8b2b79545681d4

  • SHA1

    e68982ab132b553fe1ffa99d367d7b2ffdb793a5

  • SHA256

    5d292249e6cf6e2bffe6e3288fb687b6af57599e5e1b58ad689fd24dc4ab8826

  • SHA512

    43e39e7d50b1fd71d3c586903420f35f3973d8c5e79f178865365c67f2a3b28a337535f571f152dddeb355c493ae627507016175c1198be004dafe7bf89f4d4a

  • SSDEEP

    6144:Z2sizbp4h+bANskjE+h1M/4gmNpGmC5+BoOzVOUJvOBd3ZX+FlNzH:jizzbANsN+DtJ7GmVlhOUJGBd3ZuFb

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 2 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Maps connected drives based on registry 3 TTPs 3 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 27 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\$SYSDIR\$_5_.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2716
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\$SYSDIR\$_5_.dll
      2⤵
      • Adds Run key to start application
      • Installs/modifies Browser Helper Object
      • Maps connected drives based on registry
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:2820
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2892
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2892 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2728

Network

MITRE ATT&CK Enterprise v15

Downloads
