8cf136af478e9ba8afababb54744c3d0b932388a9bbc0c78b15f3ca7e1ad8a80

Analysis

max time kernel
92s
max time network
156s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
30-11-2022 07:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8cf136af478e9ba8afababb54744c3d0b932388a9bbc0c78b15f3ca7e1ad8a80.exe
Size

561KB
MD5

2f5d1d560a21e890c338dc16562dde7a
SHA1

060b83e46ba8ab48d8a2a3c9f356ffd8707467f3
SHA256

8cf136af478e9ba8afababb54744c3d0b932388a9bbc0c78b15f3ca7e1ad8a80
SHA512

e3c70e9575c4066cac6cd91ad687f9de592aeed6b2dff301089a80b3836275f9346f20d921e32663f115d7daa3493a4edbab9a23f701a17dd249a23e4f64011f
SSDEEP

12288:ckMG5PWfBhaIsmc0RNVvuUSaUTr8gR+m:1dAfzhvNxjwr8gR

Score

8^/10

adware stealer upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/960-55-0x0000000000400000-0x000000000048E000-memory.dmp	upx
behavioral1/memory/960-56-0x0000000000400000-0x000000000048E000-memory.dmp	upx

Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

Processes:

8cf136af478e9ba8afababb54744c3d0b932388a9bbc0c78b15f3ca7e1ad8a80.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	8cf136af478e9ba8afababb54744c3d0b932388a9bbc0c78b15f3ca7e1ad8a80.exe

C:\Users\Admin\AppData\Local\Temp\8cf136af478e9ba8afababb54744c3d0b932388a9bbc0c78b15f3ca7e1ad8a80.exe
"C:\Users\Admin\AppData\Local\Temp\8cf136af478e9ba8afababb54744c3d0b932388a9bbc0c78b15f3ca7e1ad8a80.exe"
1⤵
- Installs/modifies Browser Helper Object
PID:960

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/960-54-0x0000000075FF1000-0x0000000075FF3000-memory.dmp

Filesize
8KB

Download
memory/960-55-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download
memory/960-56-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download