7d7dd59662f98770f6cade0fbe227b51e61f1ce17c5d838db0dfb2aa9077fd38 | Triage

Submit
Reports

Overview

overview

8

Static

static

7d7dd59662...38.exe

windows7-x64

8

7d7dd59662...38.exe

windows10-2004-x64

8

Sharing

General

Target

7d7dd59662f98770f6cade0fbe227b51e61f1ce17c5d838db0dfb2aa9077fd38
Size

2.7MB
Sample

221129-w8etbahc8z
MD5

b201f07126faa38c0adff8dbad702660
SHA1

71bddb4fa198f398afeaca69af2e47df4d1e4e4d
SHA256

7d7dd59662f98770f6cade0fbe227b51e61f1ce17c5d838db0dfb2aa9077fd38
SHA512

3da2861171d79ec2d1e1aeec39f8208eeb50d0f272017886426790f3ce0f5583ba79dd8774ec68da9e24e35c5c9284c590895fa49d82d90c0c1db471342df4ac
SSDEEP

49152:OWYvm/M4VEeqgvEPNam4klaFerFszmRDA4aIlvuMIo9f6SqyMZJTdwXe7yKsNCtI:kvmk4VElgsVam6qFUuvAoISqyMZJyX9p

Score

8^/10

adware evasion persistence stealer themida

Static task

static1

Behavioral task

behavioral1

Sample

7d7dd59662f98770f6cade0fbe227b51e61f1ce17c5d838db0dfb2aa9077fd38.exe

Resource

win7-20220812-en

adware evasion persistence stealer themida

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

7d7dd59662f98770f6cade0fbe227b51e61f1ce17c5d838db0dfb2aa9077fd38.exe

Resource

win10v2004-20220812-en

evasion themida

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  7d7dd59662f98770f6cade0fbe227b51e61f1ce17c5d838db0dfb2aa9077fd38
- Size
  
  2.7MB
- MD5
  
  b201f07126faa38c0adff8dbad702660
- SHA1
  
  71bddb4fa198f398afeaca69af2e47df4d1e4e4d
- SHA256
  
  7d7dd59662f98770f6cade0fbe227b51e61f1ce17c5d838db0dfb2aa9077fd38
- SHA512
  
  3da2861171d79ec2d1e1aeec39f8208eeb50d0f272017886426790f3ce0f5583ba79dd8774ec68da9e24e35c5c9284c590895fa49d82d90c0c1db471342df4ac
- SSDEEP
  
  49152:OWYvm/M4VEeqgvEPNam4klaFerFszmRDA4aIlvuMIo9f6SqyMZJTdwXe7yKsNCtI:kvmk4VElgsVam6qFUuvAoISqyMZJyX9p
Score

8^/10

adware evasion persistence stealer themida
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Loads dropped DLL
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

adwareevasionpersistencestealerthemida

behavioral2

© 2018-2024

Terms | Privacy