ff320885d318ed5b2e92a50f7aff0f81b6456b43188e33f7eb007a9bd222d1bc | Triage

Submit
Reports

Overview

overview

Static

static

ff320885d3...bc.exe

windows7-x64

ff320885d3...bc.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

ff320885d318ed5b2e92a50f7aff0f81b6456b43188e33f7eb007a9bd222d1bc
Size

357KB
Sample

221011-k2yr3afecl
MD5

4b0370a25d60f8395a98f596306b50c6
SHA1

1190f4962e6b27e6fcd475d91356c589f707463c
SHA256

ff320885d318ed5b2e92a50f7aff0f81b6456b43188e33f7eb007a9bd222d1bc
SHA512

fc8f28b1e1fd80f1ce05c7bc153e5332ced948ae8783a4bba8e6a1b4ee798e15d19d04807e25c43eca1e44a979b77623b78a4af7cfa6c6932e45560adbcc64e9
SSDEEP

6144:icCraNCraK5GR5G1bSankP+6bAw5sy1w5sy1w5sy/yibSj:inaKawSQQ+G5syS5syS5sy/y8u

Score

10^/10

adware persistence stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

ff320885d318ed5b2e92a50f7aff0f81b6456b43188e33f7eb007a9bd222d1bc.exe

Resource

win7-20220901-en

adware persistence stealer upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

ff320885d318ed5b2e92a50f7aff0f81b6456b43188e33f7eb007a9bd222d1bc.exe

Resource

win10v2004-20220901-en

adware persistence stealer upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  ff320885d318ed5b2e92a50f7aff0f81b6456b43188e33f7eb007a9bd222d1bc
- Size
  
  357KB
- MD5
  
  4b0370a25d60f8395a98f596306b50c6
- SHA1
  
  1190f4962e6b27e6fcd475d91356c589f707463c
- SHA256
  
  ff320885d318ed5b2e92a50f7aff0f81b6456b43188e33f7eb007a9bd222d1bc
- SHA512
  
  fc8f28b1e1fd80f1ce05c7bc153e5332ced948ae8783a4bba8e6a1b4ee798e15d19d04807e25c43eca1e44a979b77623b78a4af7cfa6c6932e45560adbcc64e9
- SSDEEP
  
  6144:icCraNCraK5GR5G1bSankP+6bAw5sy1w5sy1w5sy/yibSj:inaKawSQQ+G5syS5syS5sy/y8u
Score

10^/10

adware persistence stealer upx
- Modifies WinLogon for persistence
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealerupx

behavioral2

adwarepersistencestealerupx

© 2018-2025

Terms | Privacy