b5cc55e50a3e2f9ab5bd9a74285be645fb463842c4c5c9c4843e6f314b9b1ed9 | Triage

Submit
Reports

Overview

overview

Static

static

8

b5cc55e50a...d9.exe

windows7-x64

b5cc55e50a...d9.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

b5cc55e50a3e2f9ab5bd9a74285be645fb463842c4c5c9c4843e6f314b9b1ed9
Size

7.5MB
Sample

221205-m3yvkagd7x
MD5

6f34f4960831a63db667d0fd0bd15a5f
SHA1

36fc7d1c610d4929d590a3d925c7c503dce1cf9d
SHA256

b5cc55e50a3e2f9ab5bd9a74285be645fb463842c4c5c9c4843e6f314b9b1ed9
SHA512

fb517e5b7485b592bf98ab0e980ea090960d6aff63a7edf95cacc8e957d39ccf57b3d1775d89d03a231533828d64bf8d78f87c01b061121193b02b94fff0abe2
SSDEEP

196608:i7effIPEsy58doQaTzwZ8Jq3QKnqVtxQnKnqVtxQu9OryfEQncryfEQuN82nN6WQ:i7effIPEsy58doQaTzwZ8Jq3QKnqVtxK

Score

10^/10

adware persistence stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b5cc55e50a3e2f9ab5bd9a74285be645fb463842c4c5c9c4843e6f314b9b1ed9.exe

Resource

win7-20220812-en

adware persistence stealer upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

b5cc55e50a3e2f9ab5bd9a74285be645fb463842c4c5c9c4843e6f314b9b1ed9.exe

Resource

win10v2004-20220812-en

adware persistence stealer upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  b5cc55e50a3e2f9ab5bd9a74285be645fb463842c4c5c9c4843e6f314b9b1ed9
- Size
  
  7.5MB
- MD5
  
  6f34f4960831a63db667d0fd0bd15a5f
- SHA1
  
  36fc7d1c610d4929d590a3d925c7c503dce1cf9d
- SHA256
  
  b5cc55e50a3e2f9ab5bd9a74285be645fb463842c4c5c9c4843e6f314b9b1ed9
- SHA512
  
  fb517e5b7485b592bf98ab0e980ea090960d6aff63a7edf95cacc8e957d39ccf57b3d1775d89d03a231533828d64bf8d78f87c01b061121193b02b94fff0abe2
- SSDEEP
  
  196608:i7effIPEsy58doQaTzwZ8Jq3QKnqVtxQnKnqVtxQu9OryfEQncryfEQuN82nN6WQ:i7effIPEsy58doQaTzwZ8Jq3QKnqVtxK
Score

10^/10

adware persistence stealer upx
- Modifies WinLogon for persistence
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealerupx

behavioral2

adwarepersistencestealerupx

© 2018-2025

Terms | Privacy