04e0d3b87f41a71512400ca6df0875a22a6672dc4fb57f42d990fc248942c991 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

04e0d3b87f...91.exe

windows7-x64

8

04e0d3b87f...91.exe

windows10-2004-x64

8

Sharing

General

Target

04e0d3b87f41a71512400ca6df0875a22a6672dc4fb57f42d990fc248942c991
Size

273KB
Sample

220919-t3e6saggd7
MD5

aad7e430001c57547416b6dcfe3b29a4
SHA1

5b38dfecfc0e7c7cecf542e8191166333e74c548
SHA256

04e0d3b87f41a71512400ca6df0875a22a6672dc4fb57f42d990fc248942c991
SHA512

fc8d7cc0ac1eca9071eda613649bc3a0746eabf319870af930e17876001ae103acc5b57b24e7c3fc6aa8f84aaa7ba7b4c7475b68dd48c452990629746fa47fe7
SSDEEP

6144:mY94NIKotWI35Deg5NEezflAGrEyueeQHEj69Y8P0jI:N9OSX7HflXIME6xPB

Score

8^/10

adware discovery persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

04e0d3b87f41a71512400ca6df0875a22a6672dc4fb57f42d990fc248942c991.exe

Resource

win7-20220812-en

adware persistence stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

04e0d3b87f41a71512400ca6df0875a22a6672dc4fb57f42d990fc248942c991.exe

Resource

win10v2004-20220901-en

adware discovery persistence stealer

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  04e0d3b87f41a71512400ca6df0875a22a6672dc4fb57f42d990fc248942c991
- Size
  
  273KB
- MD5
  
  aad7e430001c57547416b6dcfe3b29a4
- SHA1
  
  5b38dfecfc0e7c7cecf542e8191166333e74c548
- SHA256
  
  04e0d3b87f41a71512400ca6df0875a22a6672dc4fb57f42d990fc248942c991
- SHA512
  
  fc8d7cc0ac1eca9071eda613649bc3a0746eabf319870af930e17876001ae103acc5b57b24e7c3fc6aa8f84aaa7ba7b4c7475b68dd48c452990629746fa47fe7
- SSDEEP
  
  6144:mY94NIKotWI35Deg5NEezflAGrEyueeQHEj69Y8P0jI:N9OSX7HflXIME6xPB
Score

8^/10

adware persistence stealer discovery
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Scanning

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealer

behavioral2

adwarediscoverypersistencestealer

© 2018-2025

Terms | Privacy