7f3695f471e08ba1310a688d684c823b7696f6ec18d340ce77c6ee4fea9e9faa | Triage

Submit
Reports

Overview

overview

Static

static

8

7f3695f471...aa.exe

windows7-x64

7f3695f471...aa.exe

windows10-2004-x64

Sharing

General

Target

7f3695f471e08ba1310a688d684c823b7696f6ec18d340ce77c6ee4fea9e9faa
Size

38KB
Sample

221127-x3wejsgc9x
MD5

ca8553cb5a8b16962d8cb0a84da08deb
SHA1

beafa6a4e55658f7c5c954a33756ab76c0fb7fe0
SHA256

7f3695f471e08ba1310a688d684c823b7696f6ec18d340ce77c6ee4fea9e9faa
SHA512

f5f17bb5f0bf9276d48523086c354ad53550fea4082bbc2a90318dbcfe55dad06ec0ee038881349b8725f3924eb2eae36ca67239bbbf9ad610378145462184d5
SSDEEP

768:WcfGaro8snFd2piQF+AJsV1qn0Sn+4uWlKSWyp7j77Qhi:WKGj8yb2pP81NSnmWlsyVUi

Score

10^/10

adware persistence stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7f3695f471e08ba1310a688d684c823b7696f6ec18d340ce77c6ee4fea9e9faa.exe

Resource

win7-20220812-en

adware persistence stealer upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

7f3695f471e08ba1310a688d684c823b7696f6ec18d340ce77c6ee4fea9e9faa.exe

Resource

win10v2004-20220812-en

adware persistence stealer upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  7f3695f471e08ba1310a688d684c823b7696f6ec18d340ce77c6ee4fea9e9faa
- Size
  
  38KB
- MD5
  
  ca8553cb5a8b16962d8cb0a84da08deb
- SHA1
  
  beafa6a4e55658f7c5c954a33756ab76c0fb7fe0
- SHA256
  
  7f3695f471e08ba1310a688d684c823b7696f6ec18d340ce77c6ee4fea9e9faa
- SHA512
  
  f5f17bb5f0bf9276d48523086c354ad53550fea4082bbc2a90318dbcfe55dad06ec0ee038881349b8725f3924eb2eae36ca67239bbbf9ad610378145462184d5
- SSDEEP
  
  768:WcfGaro8snFd2piQF+AJsV1qn0Sn+4uWlKSWyp7j77Qhi:WKGj8yb2pP81NSnmWlsyVUi
Score

10^/10

adware persistence stealer upx
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealerupx

behavioral2

adwarepersistencestealerupx

© 2018-2024

Terms | Privacy