d1c544e1f137e4c985a470cd79450dc7a163cfa5dcda4b90960c2f5013c836d0 | Triage

Submit
Reports

Overview

overview

Static

static

Box-x64.msi

windows7-x64

8

Box-x64.msi

windows10-2004-x64

Sharing

General

Target

Box-x64.msi
Size

39.5MB
Sample

221112-jkdvwshe4w
MD5

197f631b87b5f033e168db6f86991d8b
SHA1

10bd609e5072458f57dca689bfbf34c1a5f29ca2
SHA256

d1c544e1f137e4c985a470cd79450dc7a163cfa5dcda4b90960c2f5013c836d0
SHA512

e7b473fb91dac4d2512a97a26555eca95780150dc03c982965e041c950d2bc49af44bd7f6b2d95bce7a08a3a1d20a59fce84f09d5618b9efa24c96e61ea731c8
SSDEEP

786432:h35MzGfBrWnHB/AZMNC2IqdBN2AWd9TC8auNJv5bljJ/DsB8i52wGi+D+EtbPXPT:hSSAHB/ogC2/2hZCkJvnJbo308EtbfPs

Score

10^/10

adware persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

Box-x64.msi

Resource

win7-20220812-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

Box-x64.msi

Resource

win10v2004-20220901-en

adware persistence stealer

windows10-2004-x64

29 signatures

150 seconds

Malware Config

Targets

- Target
  
  Box-x64.msi
- Size
  
  39.5MB
- MD5
  
  197f631b87b5f033e168db6f86991d8b
- SHA1
  
  10bd609e5072458f57dca689bfbf34c1a5f29ca2
- SHA256
  
  d1c544e1f137e4c985a470cd79450dc7a163cfa5dcda4b90960c2f5013c836d0
- SHA512
  
  e7b473fb91dac4d2512a97a26555eca95780150dc03c982965e041c950d2bc49af44bd7f6b2d95bce7a08a3a1d20a59fce84f09d5618b9efa24c96e61ea731c8
- SSDEEP
  
  786432:h35MzGfBrWnHB/AZMNC2IqdBN2AWd9TC8auNJv5bljJ/DsB8i52wGi+D+EtbPXPT:hSSAHB/ogC2/2hZCkJvnJbo308EtbfPs
Score

10^/10

adware persistence stealer
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Blocklisted process makes network request
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Modifies Shared Task Scheduler registry keys
  persistence
- Registers COM server for autorun
  persistence
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

adwarepersistencestealer

© 2018-2024

Terms | Privacy