4bcee96b572888f92d70cdc796b65fff18947ec6b59e5eeb6636f66c3442a96b | Triage

Submit
Reports

Overview

overview

8

Static

static

4bcee96b57...6b.exe

windows7-x64

8

4bcee96b57...6b.exe

windows10-2004-x64

8

Sharing

General

Target

4bcee96b572888f92d70cdc796b65fff18947ec6b59e5eeb6636f66c3442a96b
Size

1.0MB
Sample

221127-se9vtabb2s
MD5

3bc343997607a36dd36f9ec2937422dc
SHA1

7336da33e47005bc66b94b67c7cdbc3f10a4f037
SHA256

4bcee96b572888f92d70cdc796b65fff18947ec6b59e5eeb6636f66c3442a96b
SHA512

98df7358181114c02e92f31fd989a7ac4c5885bfbfbd2a4a13a4c4be2c9d25ea31482fad9aed1db3cc48953fe01589b4640239ba370d16399631c2ad285a04e6
SSDEEP

24576:UUOQIjxJxqW6ZvNrryeq7Xr8N9bb3DFsH:5WjxJEWstyewkb7ZsH

Score

8^/10

adware discovery exploit persistence stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

4bcee96b572888f92d70cdc796b65fff18947ec6b59e5eeb6636f66c3442a96b.exe

Resource

win7-20220812-en

adware discovery exploit persistence stealer upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

4bcee96b572888f92d70cdc796b65fff18947ec6b59e5eeb6636f66c3442a96b.exe

Resource

win10v2004-20220812-en

adware discovery exploit persistence stealer upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  4bcee96b572888f92d70cdc796b65fff18947ec6b59e5eeb6636f66c3442a96b
- Size
  
  1.0MB
- MD5
  
  3bc343997607a36dd36f9ec2937422dc
- SHA1
  
  7336da33e47005bc66b94b67c7cdbc3f10a4f037
- SHA256
  
  4bcee96b572888f92d70cdc796b65fff18947ec6b59e5eeb6636f66c3442a96b
- SHA512
  
  98df7358181114c02e92f31fd989a7ac4c5885bfbfbd2a4a13a4c4be2c9d25ea31482fad9aed1db3cc48953fe01589b4640239ba370d16399631c2ad285a04e6
- SSDEEP
  
  24576:UUOQIjxJxqW6ZvNrryeq7Xr8N9bb3DFsH:5WjxJEWstyewkb7ZsH
Score

8^/10

adware discovery exploit persistence stealer upx
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Sets service image path in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryexploitpersistencestealerupx

behavioral2

adwarediscoveryexploitpersistencestealerupx

© 2018-2024

Terms | Privacy