9de171005e8191a70274184c61dcac5e75b6a4307063c740609209da86592f3c | Triage

Submit
Reports

Overview

overview

Static

static

dd.exe

windows7_x64

dd.exe

windows10_x64

Resubmissions

10-07-2021 16:53

210710-thekp6z3ka 10

10-07-2021 16:51

210710-yc1gf34hxn 8

Sharing

General

Target

dd.exe
Size

82.1MB
Sample

210710-thekp6z3ka
MD5

9b5aaf2bfe25d830f482b5516471aea3
SHA1

442c40f4dd466a643595a40ae1239c89fca6f9ae
SHA256

9de171005e8191a70274184c61dcac5e75b6a4307063c740609209da86592f3c
SHA512

508322b9d26d55f291d6511103b15dffd9c2230599d51f28c63dfdf9ff6d494a6240fa7daa1b354a051524ea888da6b7b8f03420c4c209ffa734328c10c10b42

Score

10^/10

adware discovery persistence stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

dd.exe

Resource

win7v20210410

adware discovery persistence stealer upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

dd.exe

Resource

win10v20210408

adware discovery persistence stealer upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  dd.exe
- Size
  
  82.1MB
- MD5
  
  9b5aaf2bfe25d830f482b5516471aea3
- SHA1
  
  442c40f4dd466a643595a40ae1239c89fca6f9ae
- SHA256
  
  9de171005e8191a70274184c61dcac5e75b6a4307063c740609209da86592f3c
- SHA512
  
  508322b9d26d55f291d6511103b15dffd9c2230599d51f28c63dfdf9ff6d494a6240fa7daa1b354a051524ea888da6b7b8f03420c4c209ffa734328c10c10b42
Score

10^/10

adware discovery persistence stealer upx
- Registers COM server for autorun
  persistence
- Blocklisted process makes network request
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

File Permissions Modification

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencestealerupx

behavioral2

adwarediscoverypersistencestealerupx

© 2018-2024

Terms | Privacy