927a4d055e9ac4a0a257eceb68af572bf440308b1a7363793e43f53ffc28a239 | Triage

Submit
Reports

Overview

overview

Static

static

8

927a4d055e...39.exe

windows7-x64

927a4d055e...39.exe

windows10-2004-x64

Sharing

General

Target

927a4d055e9ac4a0a257eceb68af572bf440308b1a7363793e43f53ffc28a239
Size

9.4MB
Sample

221205-m499zsch33
MD5

b292eec1e13e50eba89f12b55f93f634
SHA1

8f0750d7a689234c015a45dc481491b4e4b5697a
SHA256

927a4d055e9ac4a0a257eceb68af572bf440308b1a7363793e43f53ffc28a239
SHA512

39b1d3b22ea6a1b6ea4c0d6aca1af5f03f34eb82fc9487b0d92310b3b8330693228608aff5228c0842e6664bff595e11390d9a8a52b944526cfc14935391370b
SSDEEP

196608:47effIPEsy58doQaTxLhQyZbIly38doQavqU/yE/QTly38doQa6wk89+hXTI5Y8l:47effIPEsy58doQaTxLhQyZbIly38doV

Score

10^/10

adware persistence stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

927a4d055e9ac4a0a257eceb68af572bf440308b1a7363793e43f53ffc28a239.exe

Resource

win7-20220901-en

adware persistence stealer upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

927a4d055e9ac4a0a257eceb68af572bf440308b1a7363793e43f53ffc28a239.exe

Resource

win10v2004-20220901-en

adware persistence stealer upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  927a4d055e9ac4a0a257eceb68af572bf440308b1a7363793e43f53ffc28a239
- Size
  
  9.4MB
- MD5
  
  b292eec1e13e50eba89f12b55f93f634
- SHA1
  
  8f0750d7a689234c015a45dc481491b4e4b5697a
- SHA256
  
  927a4d055e9ac4a0a257eceb68af572bf440308b1a7363793e43f53ffc28a239
- SHA512
  
  39b1d3b22ea6a1b6ea4c0d6aca1af5f03f34eb82fc9487b0d92310b3b8330693228608aff5228c0842e6664bff595e11390d9a8a52b944526cfc14935391370b
- SSDEEP
  
  196608:47effIPEsy58doQaTxLhQyZbIly38doQavqU/yE/QTly38doQa6wk89+hXTI5Y8l:47effIPEsy58doQaTxLhQyZbIly38doV
Score

10^/10

adware persistence stealer upx
- Modifies WinLogon for persistence
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealerupx

behavioral2

adwarepersistencestealerupx

© 2018-2024

Terms | Privacy