fc1042641e6410a8a602670e7839d010c6c474f83baf53e602f1bc4bae249b04 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

fc1042641e...04.exe

windows7-x64

fc1042641e...04.exe

windows10-2004-x64

Sharing

General

Target

fc1042641e6410a8a602670e7839d010c6c474f83baf53e602f1bc4bae249b04
Size

320KB
Sample

221127-16esracf96
MD5

90446497254fdaed2729c7c1122f03f6
SHA1

ceedad2562c20c3babbd733f2815295355b559f0
SHA256

fc1042641e6410a8a602670e7839d010c6c474f83baf53e602f1bc4bae249b04
SHA512

cfc51197bb44e8d2052b69082a2258223347c12d424cba43d0ec744611e069098b4a5b521859149b6c9faf1ee95efcb55fa010a500974f65f482e7884a7181c4
SSDEEP

6144:CpQ9cjqzrYTNetnIlEs3yUff5gdy5BNKjW5ulFDxvMh0yL3QBPNVikGPzxA:1OG+sZIlc+x/rNdwxkxbaNVikYu

Score

10^/10

adware discovery persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

fc1042641e6410a8a602670e7839d010c6c474f83baf53e602f1bc4bae249b04.exe

Resource

win7-20220812-en

adware discovery persistence stealer

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

fc1042641e6410a8a602670e7839d010c6c474f83baf53e602f1bc4bae249b04.exe

Resource

win10v2004-20220812-en

adware discovery persistence stealer

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  fc1042641e6410a8a602670e7839d010c6c474f83baf53e602f1bc4bae249b04
- Size
  
  320KB
- MD5
  
  90446497254fdaed2729c7c1122f03f6
- SHA1
  
  ceedad2562c20c3babbd733f2815295355b559f0
- SHA256
  
  fc1042641e6410a8a602670e7839d010c6c474f83baf53e602f1bc4bae249b04
- SHA512
  
  cfc51197bb44e8d2052b69082a2258223347c12d424cba43d0ec744611e069098b4a5b521859149b6c9faf1ee95efcb55fa010a500974f65f482e7884a7181c4
- SSDEEP
  
  6144:CpQ9cjqzrYTNetnIlEs3yUff5gdy5BNKjW5ulFDxvMh0yL3QBPNVikGPzxA:1OG+sZIlc+x/rNdwxkxbaNVikYu
Score

10^/10

adware discovery persistence stealer
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Deletes itself
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistencestealer

behavioral2

adwarediscoverypersistencestealer

© 2018-2025

Terms | Privacy