1a4c27e6b95c50e2e16b6a084844e17ab0ae7c8ec8d6894eca73d814af6a8964 | Triage

Submit
Reports

Overview

overview

Static

static

8

1a4c27e6b9...64.exe

windows7_x64

1a4c27e6b9...64.exe

windows10_x64

Sharing

General

Target

1a4c27e6b95c50e2e16b6a084844e17ab0ae7c8ec8d6894eca73d814af6a8964
Size

517KB
Sample

210517-n3frhypd5s
MD5

30f6be4f83317da5c73cccfd277e7dfa
SHA1

f42abf23107f541e5b3ab8414d16c1a42051fa77
SHA256

1a4c27e6b95c50e2e16b6a084844e17ab0ae7c8ec8d6894eca73d814af6a8964
SHA512

755f113061dd4d7fae0e0ac05a779e622073edb316ebc960bb590e48de23debaee566b19ad658104c23fa7b9af1df57c26556c5c3ccde8357e288220174a6300

Score

10^/10

adware persistence stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

1a4c27e6b95c50e2e16b6a084844e17ab0ae7c8ec8d6894eca73d814af6a8964.exe

Resource

win7v20210410

adware persistence stealer upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1a4c27e6b95c50e2e16b6a084844e17ab0ae7c8ec8d6894eca73d814af6a8964.exe

Resource

win10v20210408

adware persistence stealer upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  1a4c27e6b95c50e2e16b6a084844e17ab0ae7c8ec8d6894eca73d814af6a8964
- Size
  
  517KB
- MD5
  
  30f6be4f83317da5c73cccfd277e7dfa
- SHA1
  
  f42abf23107f541e5b3ab8414d16c1a42051fa77
- SHA256
  
  1a4c27e6b95c50e2e16b6a084844e17ab0ae7c8ec8d6894eca73d814af6a8964
- SHA512
  
  755f113061dd4d7fae0e0ac05a779e622073edb316ebc960bb590e48de23debaee566b19ad658104c23fa7b9af1df57c26556c5c3ccde8357e288220174a6300
Score

10^/10

adware persistence stealer upx
- Modifies WinLogon for persistence
  persistence
- Modifies system executable filetype association
  persistence
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Change Default File Association

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarepersistencestealerupx

behavioral2

adwarepersistencestealerupx

© 2018-2024

Terms | Privacy