87771b930f12658f65736e69206df44218de3a003958d76f62e8031aeda6dfd6 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

87771b930f...d6.exe

windows7-x64

87771b930f...d6.exe

windows10-2004-x64

Sharing

General

Target

87771b930f12658f65736e69206df44218de3a003958d76f62e8031aeda6dfd6
Size

244KB
Sample

221123-3lt32sfh8w
MD5

4496578bd5fb9153b6dca335b1a89be6
SHA1

65e635385fccafbe495bd36db14b3b0098fe4763
SHA256

87771b930f12658f65736e69206df44218de3a003958d76f62e8031aeda6dfd6
SHA512

7a2d3e49070a1169045e2a9cbc10b859938b322a3f6cfb4b7fbf01f78972e1d9e116178e37838b2649f3661a884afa5a798cf7fb8c92290f60889d439924cc8e
SSDEEP

3072:CwJI/eenD+PvsD4sjyiacgdYVzdbxiQUjSf722ZYvOSnDcPdwa1u6Bjnqw:CL/eeqPDxia5YAQUjC722FCJ1Qj9

Score

8^/10

adware persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

87771b930f12658f65736e69206df44218de3a003958d76f62e8031aeda6dfd6.exe

Resource

win7-20220812-en

adware persistence stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

87771b930f12658f65736e69206df44218de3a003958d76f62e8031aeda6dfd6.exe

Resource

win10v2004-20220812-en

adware persistence stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  87771b930f12658f65736e69206df44218de3a003958d76f62e8031aeda6dfd6
- Size
  
  244KB
- MD5
  
  4496578bd5fb9153b6dca335b1a89be6
- SHA1
  
  65e635385fccafbe495bd36db14b3b0098fe4763
- SHA256
  
  87771b930f12658f65736e69206df44218de3a003958d76f62e8031aeda6dfd6
- SHA512
  
  7a2d3e49070a1169045e2a9cbc10b859938b322a3f6cfb4b7fbf01f78972e1d9e116178e37838b2649f3661a884afa5a798cf7fb8c92290f60889d439924cc8e
- SSDEEP
  
  3072:CwJI/eenD+PvsD4sjyiacgdYVzdbxiQUjSf722ZYvOSnDcPdwa1u6Bjnqw:CL/eeqPDxia5YAQUjC722FCJ1Qj9
Score

8^/10

adware persistence stealer
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealer

behavioral2

adwarepersistencestealer

© 2018-2025

Terms | Privacy