054eeaa9f120f3613cf06ad010c58adf025c4f8c03dcc6da6acd567be27e87aa | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

054eeaa9f1...aa.exe

windows7-x64

7

054eeaa9f1...aa.exe

windows10-2004-x64

Sharing

General

Target

054eeaa9f120f3613cf06ad010c58adf025c4f8c03dcc6da6acd567be27e87aa.exe
Size

404KB
Sample

230314-ee283sfc6t
MD5

31a46564145f167c90cde7221904df31
SHA1

d9021f000b203d37a13ca3b6eae037b7c2817b9e
SHA256

054eeaa9f120f3613cf06ad010c58adf025c4f8c03dcc6da6acd567be27e87aa
SHA512

1bb4a784a41ce3cb3be59e3fba6b68617a396c542d870c750117573d4774b581dc72b821a4976e2199582cac455b10ff930561fae304545acc9f8879439da400
SSDEEP

6144:rwTOAkRjUmqjDtFQHo7l37jaxIZm8ezKMH0Q4exxrp7Myuuh/Wr0LRU:0TOAkRj7IqoRHaxYmzzxrFdLh/20tU

Score

10^/10

adware discovery evasion stealer

Static task

static1

Behavioral task

behavioral1

Sample

054eeaa9f120f3613cf06ad010c58adf025c4f8c03dcc6da6acd567be27e87aa.exe

Resource

win7-20230220-en

adware discovery stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

054eeaa9f120f3613cf06ad010c58adf025c4f8c03dcc6da6acd567be27e87aa.exe

Resource

win10v2004-20230221-en

adware discovery evasion stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  054eeaa9f120f3613cf06ad010c58adf025c4f8c03dcc6da6acd567be27e87aa.exe
- Size
  
  404KB
- MD5
  
  31a46564145f167c90cde7221904df31
- SHA1
  
  d9021f000b203d37a13ca3b6eae037b7c2817b9e
- SHA256
  
  054eeaa9f120f3613cf06ad010c58adf025c4f8c03dcc6da6acd567be27e87aa
- SHA512
  
  1bb4a784a41ce3cb3be59e3fba6b68617a396c542d870c750117573d4774b581dc72b821a4976e2199582cac455b10ff930561fae304545acc9f8879439da400
- SSDEEP
  
  6144:rwTOAkRjUmqjDtFQHo7l37jaxIZm8ezKMH0Q4exxrp7Myuuh/Wr0LRU:0TOAkRj7IqoRHaxYmzzxrFdLh/20tU
Score

10^/10

adware discovery stealer evasion
- Modifies firewall policy service
  evasion
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Browser Extensions

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverystealer

behavioral2

adwarediscoveryevasionstealer

© 2018-2025

Terms | Privacy