71ff9c86c90f515d38e9bf67e55c8d8f87cd65b8fdeb9c18daf8b333c288d610 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

71ff9c86c9...10.exe

windows7-x64

8

71ff9c86c9...10.exe

windows10-2004-x64

8

Sharing

General

Target

71ff9c86c90f515d38e9bf67e55c8d8f87cd65b8fdeb9c18daf8b333c288d610
Size

1.7MB
Sample

221203-qmlf3sdd92
MD5

ed441e1404e851157e773fdff2cae40a
SHA1

957462aa7591a09e1a8a9f4d30b22a7ce203c6f8
SHA256

71ff9c86c90f515d38e9bf67e55c8d8f87cd65b8fdeb9c18daf8b333c288d610
SHA512

39be9a4bfd720ee70f5024729edd8e49067fc2670bd58a617ac1381c30aa06a19ddcce0bc459b6a04bd33128d732c10185ae7bd98fe6354db69f72688f08045c
SSDEEP

24576:xArHVljSWEnPFYByxQxGBqBRrdklDdMAdUC+50WKl9IlJdneeIhhIrQedTVSZ1NQ:SqYB2QxGBQpkz+A9UZcqQexmeCqHT9

Score

8^/10

adware evasion stealer

Static task

static1

Behavioral task

behavioral1

Sample

71ff9c86c90f515d38e9bf67e55c8d8f87cd65b8fdeb9c18daf8b333c288d610.exe

Resource

win7-20221111-en

adware evasion stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

71ff9c86c90f515d38e9bf67e55c8d8f87cd65b8fdeb9c18daf8b333c288d610.exe

Resource

win10v2004-20221111-en

adware evasion stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  71ff9c86c90f515d38e9bf67e55c8d8f87cd65b8fdeb9c18daf8b333c288d610
- Size
  
  1.7MB
- MD5
  
  ed441e1404e851157e773fdff2cae40a
- SHA1
  
  957462aa7591a09e1a8a9f4d30b22a7ce203c6f8
- SHA256
  
  71ff9c86c90f515d38e9bf67e55c8d8f87cd65b8fdeb9c18daf8b333c288d610
- SHA512
  
  39be9a4bfd720ee70f5024729edd8e49067fc2670bd58a617ac1381c30aa06a19ddcce0bc459b6a04bd33128d732c10185ae7bd98fe6354db69f72688f08045c
- SSDEEP
  
  24576:xArHVljSWEnPFYByxQxGBqBRrdklDdMAdUC+50WKl9IlJdneeIhhIrQedTVSZ1NQ:SqYB2QxGBQpkz+A9UZcqQexmeCqHT9
Score

8^/10

adware evasion stealer
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwareevasionstealer

behavioral2

adwareevasionstealer

© 2018-2025

Terms | Privacy