a1773235dcd9c9f815793b7509f91b959b450c4bf90b6c26794c9f59458f9050 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

Loader.exe

windows10-1703-x64

8

Sharing

General

Target

Loader.exe
Size

5.9MB
Sample

230305-bczhmaef91
MD5

d0ffcc482ce53b386a30199dab65f6e0
SHA1

00ef2852b530749fbcb8c40099bdc68151780bb6
SHA256

a1773235dcd9c9f815793b7509f91b959b450c4bf90b6c26794c9f59458f9050
SHA512

09a4b86a7b77d08daf0668e6e9f7eac66ac0368b2f4a08d4404a10b8b45a1b929c9402ff36369780015728fb7d371fce59b43ce518214ba011b3f0248cdc8b63
SSDEEP

98304:7RRxywgpOB5q7fgMamWcXU3KUvLp73YxRfSjhFvucBaM6stwpINm5wbCKHB3:7xy5ABA7fgxlp3YxRwduqgsEEm5nQB

Score

8^/10

adware persistence stealer

Static task

static1

Behavioral task

behavioral1

Sample

Loader.exe

Resource

win10-20230220-es

adware persistence stealer

windows10-1703-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  Loader.exe
- Size
  
  5.9MB
- MD5
  
  d0ffcc482ce53b386a30199dab65f6e0
- SHA1
  
  00ef2852b530749fbcb8c40099bdc68151780bb6
- SHA256
  
  a1773235dcd9c9f815793b7509f91b959b450c4bf90b6c26794c9f59458f9050
- SHA512
  
  09a4b86a7b77d08daf0668e6e9f7eac66ac0368b2f4a08d4404a10b8b45a1b929c9402ff36369780015728fb7d371fce59b43ce518214ba011b3f0248cdc8b63
- SSDEEP
  
  98304:7RRxywgpOB5q7fgMamWcXU3KUvLp73YxRfSjhFvucBaM6stwpINm5wbCKHB3:7xy5ABA7fgxlp3YxRwduqgsEEm5nQB
Score

8^/10

adware persistence stealer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealer

© 2018-2025

Terms | Privacy