85370541ae0630c1bfb0ca871198c2534f0eb6e6319cab9a5980c568940c6ff3 | Triage

Submit
Reports

Overview

overview

Static

static

Windows10C...ns.zip

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

Windows10Corruptions.zip
Size

25.9MB
Sample

221204-a47gwacb46
MD5

58ced9055dad414215ccb68b9c03bf75
SHA1

fe0126aa4cba59bfa3cb3eeb1ce91b43832a1167
SHA256

85370541ae0630c1bfb0ca871198c2534f0eb6e6319cab9a5980c568940c6ff3
SHA512

06740e453829a2fbcba3a4e034106074eb221d79ba53051987ca9efac04306dc7c8408f2d8e74ea12071bd1eade79485a9a3d341679d3c22e29f7073d7b0349c
SSDEEP

786432:hT0wE+ZpLR9z1ITG06cdVVT+zCnz5UGvaaDWsY6kS:pa+fLR12q0HfCzmZaKNYs

Score

10^/10

adware evasion persistence stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Windows10Corruptions.zip

Resource

win10v2004-20220812-en

adware evasion persistence stealer trojan

windows10-2004-x64

23 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Windows10Corruptions.zip
- Size
  
  25.9MB
- MD5
  
  58ced9055dad414215ccb68b9c03bf75
- SHA1
  
  fe0126aa4cba59bfa3cb3eeb1ce91b43832a1167
- SHA256
  
  85370541ae0630c1bfb0ca871198c2534f0eb6e6319cab9a5980c568940c6ff3
- SHA512
  
  06740e453829a2fbcba3a4e034106074eb221d79ba53051987ca9efac04306dc7c8408f2d8e74ea12071bd1eade79485a9a3d341679d3c22e29f7073d7b0349c
- SSDEEP
  
  786432:hT0wE+ZpLR9z1ITG06cdVVT+zCnz5UGvaaDWsY6kS:pa+fLR12q0HfCzmZaKNYs
Score

10^/10

adware evasion persistence stealer trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Modifies system executable filetype association
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- UAC bypass
  evasion trojan
- Looks for VMWare Tools registry key
  evasion
- Modifies Installed Components in the registry
  persistence
- Registers COM server for autorun
  persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Change Default File Association

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwareevasionpersistencestealertrojan

© 2018-2025

Terms | Privacy