aa50e7bee9ebdb20bdd11b89d996c8fa080337c25a01fdb3d1559cddbe901356 | Triage

Submit
Reports

Overview

overview

Static

static

6

win10 5 mi...ternet

windows10_x64

8

win10 5 mi...ternet

windows10_x64

quick

windows7_x64

8

quick

windows7_x64

Sharing

General

Target

albertu97@hotmail.com.zip
Size

939KB
Sample

201129-447yaeqfye
MD5

21e4d394be054c7ef90299d7343a1e44
SHA1

1bfb8a41e67b5af9d7283731d8673b553f92639c
SHA256

aa50e7bee9ebdb20bdd11b89d996c8fa080337c25a01fdb3d1559cddbe901356
SHA512

fc5b47501b0ccbbbe91174b1494c5f810bbbe083ca694a39f0cae2ca890d88c0c91661d6be950548f3d76cb9e85f67cabb4fc4e1d93055021ccd792af0f1adb7

Score

10^/10

adware persistence stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

22VVBN0D55D8GF7000DS1S4S8A5.vbs

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

~.exe

Resource

win10v20201028

adware persistence stealer upx

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

22VVBN0D55D8GF7000DS1S4S8A5.vbs

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

~.exe

Resource

win7v20201028

adware persistence stealer upx

windows7_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  22VVBN0D55D8GF7000DS1S4S8A5.vbs
- Size
  
  10KB
- MD5
  
  3afcab8426cc193a450542c88832c31c
- SHA1
  
  3181367d7da126100194a1c59a90ac836dbfa433
- SHA256
  
  93d93845a8dbf73bbfe91eead4b4b17e6a4255d4c4a9dd8b8ae990a721d99069
- SHA512
  
  71275e28d80976dd214387fc432225727b8d0229ce8687e5d673fba182c647717640b3a1b207102403e49871567fb2e8877941eea75977accee51360e20b8fed
Score

8^/10
- Blocklisted process makes network request
behavioral1 behavioral3
- Target
  
  ~
- Size
  
  2.0MB
- MD5
  
  ebe3aa6a70fac4e32a072f4ad21cff3d
- SHA1
  
  e1a41eed4f49e43f098e15b7620bf7af1c025a93
- SHA256
  
  df0a4fbebae6d6ae7150d70c96024a55712b6ce0aec82fa2fe23ea85b95a973d
- SHA512
  
  6f01d6f4fac7bc18f7cdff31717b2d2faa3b4dbddb2938bec507672f32693a6620bf21ac0f8310fb162b60c0f50364e3c7f7b8c770bf0c03269a4d5c3e546418
Score

10^/10

adware persistence stealer upx
- Registers COM server for autorun
  persistence
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral2 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

adwarepersistencestealerupx

behavioral3

behavioral4

adwarepersistencestealerupx

© 2018-2024

Terms | Privacy