895cc5010ad35ce741ca0b0c8aa231bb230e8b225e9a0a2119ec79175237f0cc | Triage

Sharing

General

Target

NEAS.068b83f680d3ab641976172c38e4b2e0_JC.exe
Size

328KB
Sample

231103-dp72msbb7v
MD5

068b83f680d3ab641976172c38e4b2e0
SHA1

c2b38e59a84c493ab06ce0cc4cd2a769fc67ba6d
SHA256

895cc5010ad35ce741ca0b0c8aa231bb230e8b225e9a0a2119ec79175237f0cc
SHA512

4336d6df1665476ec06643282721df0b7770a1008bb0dcfe71e8b9c0dd550d59890d1489e4af4a3f6fa48301858f9359d9927433fb9161f99caf77ae9ebe37a1
SSDEEP

6144:syWOeLm+tkxoGQvT+W4+HMc+MEGRQ6saHSMf3z0AzbLUG50Tpm+MmvbWdlL0d5aU:sCemx0vN3HKGi6sYjJLUGGtedud5tr7

Score

8^/10

adware discovery exploit persistence stealer

Malware Config

Targets

- Target
  
  NEAS.068b83f680d3ab641976172c38e4b2e0_JC.exe
- Size
  
  328KB
- MD5
  
  068b83f680d3ab641976172c38e4b2e0
- SHA1
  
  c2b38e59a84c493ab06ce0cc4cd2a769fc67ba6d
- SHA256
  
  895cc5010ad35ce741ca0b0c8aa231bb230e8b225e9a0a2119ec79175237f0cc
- SHA512
  
  4336d6df1665476ec06643282721df0b7770a1008bb0dcfe71e8b9c0dd550d59890d1489e4af4a3f6fa48301858f9359d9927433fb9161f99caf77ae9ebe37a1
- SSDEEP
  
  6144:syWOeLm+tkxoGQvT+W4+HMc+MEGRQ6saHSMf3z0AzbLUG50Tpm+MmvbWdlL0d5aU:sCemx0vN3HKGi6sYjJLUGGtedud5tr7
Score

8^/10

adware discovery exploit persistence stealer
- Drops file in Drivers directory
- Possible privilege escalation attempt
  exploit
- Sets service image path in registry
  persistence
- Deletes itself
- Modifies file permissions
  discovery
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoveryexploitpersistencestealer

behavioral2

adwarediscoveryexploitpersistencestealer