a0e41e8c856a4e7a71893abf513b6ebefde78dd81b37e560a29cf25a83b9df9b | Triage

Submit
Reports

Overview

overview

Static

static

Win10.0_Sy...re.msi

windows7_x64

8

Win10.0_Sy...re.msi

windows10-2004_x64

Sharing

General

Target

Win10.0_System_Upgrade_Software.msi
Size

92KB
Sample

220502-ftfjasgebl
MD5

108c1a102c58234f4cda627079df75c3
SHA1

21d6f08bd6bab100eb0b1a09c806c78577ec5b25
SHA256

a0e41e8c856a4e7a71893abf513b6ebefde78dd81b37e560a29cf25a83b9df9b
SHA512

0f4476005fa08acf212e1ec8bb548a9503a998e063e048de9cce438500f13ff5a98acac8ba4c3eeaf5572b583c6da9e2af23e23e3971675e260c628c2d6afb9b

Score

10^/10

adware discovery persistence ransomware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Win10.0_System_Upgrade_Software.msi

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Win10.0_System_Upgrade_Software.msi

Resource

win10v2004-20220414-en

adware discovery persistence ransomware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Win10.0_System_Upgrade_Software.msi
- Size
  
  92KB
- MD5
  
  108c1a102c58234f4cda627079df75c3
- SHA1
  
  21d6f08bd6bab100eb0b1a09c806c78577ec5b25
- SHA256
  
  a0e41e8c856a4e7a71893abf513b6ebefde78dd81b37e560a29cf25a83b9df9b
- SHA512
  
  0f4476005fa08acf212e1ec8bb548a9503a998e063e048de9cce438500f13ff5a98acac8ba4c3eeaf5572b583c6da9e2af23e23e3971675e260c628c2d6afb9b
Score

10^/10

adware discovery persistence ransomware stealer
- Registers COM server for autorun
  persistence
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

behavioral2

adwarediscoverypersistenceransomwarestealer

© 2018-2024

Terms | Privacy