91637011c4baf5302b12d9d41a2ebe9b38a7b29d9b71b87da654c978fb6d2ba8 | Triage

Submit
Reports

Overview

overview

8

Static

static

7

Microsoft ...��.exe

windows7-x64

7

Microsoft ...��.exe

windows10-2004-x64

8

Sharing

General

Target

Microsoft Edge专用卸载工具.exe
Size

978KB
Sample

230307-qskfzaab52
MD5

ed7bd3db9053fff31b3f900df45653f6
SHA1

2eff63c95bbf03c7a1a96a68060be8b08b9c556d
SHA256

91637011c4baf5302b12d9d41a2ebe9b38a7b29d9b71b87da654c978fb6d2ba8
SHA512

202a627e9fd984bfc36379760267e734a2f909db0f6523eada68bef04dc71c5621861b8257201ee3be5daf12be7d0b65af29fac81fed7f58f0849cb77e655faf
SSDEEP

24576:j4GHnhIzOT3OACh5lxubchdNN9N4lPn1tO:8shdT3shPxubcnLL

Score

8^/10

adware persistence stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Microsoft Edge专用卸载工具.exe

Resource

win7-20230220-en

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

Microsoft Edge专用卸载工具.exe

Resource

win10v2004-20230221-en

adware persistence stealer upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  Microsoft Edge专用卸载工具.exe
- Size
  
  978KB
- MD5
  
  ed7bd3db9053fff31b3f900df45653f6
- SHA1
  
  2eff63c95bbf03c7a1a96a68060be8b08b9c556d
- SHA256
  
  91637011c4baf5302b12d9d41a2ebe9b38a7b29d9b71b87da654c978fb6d2ba8
- SHA512
  
  202a627e9fd984bfc36379760267e734a2f909db0f6523eada68bef04dc71c5621861b8257201ee3be5daf12be7d0b65af29fac81fed7f58f0849cb77e655faf
- SSDEEP
  
  24576:j4GHnhIzOT3OACh5lxubchdNN9N4lPn1tO:8shdT3shPxubcnLL
Score

8^/10

upx adware persistence stealer
- Modifies Installed Components in the registry
  persistence
- Sets file execution options in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

adwarepersistencestealerupx

© 2018-2024

Terms | Privacy