cfe38d97877912474e8e5976a5e3b5c3f6a6e07eace4286fc1da117c516f7a8e | Triage

Submit
Reports

Overview

overview

Static

static

cfe38d9787...8e.exe

windows7-x64

cfe38d9787...8e.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

cfe38d97877912474e8e5976a5e3b5c3f6a6e07eace4286fc1da117c516f7a8e
Size

275KB
Sample

220919-b1jr3sahc7
MD5

edfd7032ec75bfc12d48fe4f308e50bb
SHA1

940b5154cdeba782919ad1dfeb743fcebef213df
SHA256

cfe38d97877912474e8e5976a5e3b5c3f6a6e07eace4286fc1da117c516f7a8e
SHA512

ab52ce3dc02b3d7175b9c22659e3e2edf1d4110da99526cc4e60794144c832a5257160db1fc1c8af7e3aacb8d3f5c0712a5e10150a3bf1b9d65a2e4e80ad8e3d
SSDEEP

6144:Cp7IHOo+LPIsnAKUZQAdgUDYHf6XkAPTKl5ee:+hDrXBAdgdALeee

Score

10^/10

adware discovery persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

cfe38d97877912474e8e5976a5e3b5c3f6a6e07eace4286fc1da117c516f7a8e.exe

Resource

win7-20220812-en

adware discovery persistence stealer

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

cfe38d97877912474e8e5976a5e3b5c3f6a6e07eace4286fc1da117c516f7a8e.exe

Resource

win10v2004-20220812-en

adware discovery persistence stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  cfe38d97877912474e8e5976a5e3b5c3f6a6e07eace4286fc1da117c516f7a8e
- Size
  
  275KB
- MD5
  
  edfd7032ec75bfc12d48fe4f308e50bb
- SHA1
  
  940b5154cdeba782919ad1dfeb743fcebef213df
- SHA256
  
  cfe38d97877912474e8e5976a5e3b5c3f6a6e07eace4286fc1da117c516f7a8e
- SHA512
  
  ab52ce3dc02b3d7175b9c22659e3e2edf1d4110da99526cc4e60794144c832a5257160db1fc1c8af7e3aacb8d3f5c0712a5e10150a3bf1b9d65a2e4e80ad8e3d
- SSDEEP
  
  6144:Cp7IHOo+LPIsnAKUZQAdgUDYHf6XkAPTKl5ee:+hDrXBAdgdALeee
Score

10^/10

adware discovery persistence stealer
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Deletes itself
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencestealer

behavioral2

adwarediscoverypersistencestealer

© 2018-2025

Terms | Privacy