29f1c15cba3e8f8657d6ff4babdf6da15cd3fa6dcb8b8c80b671620431b70dc2 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

7

35675b0b76...5d.exe

windows7-x64

8

35675b0b76...5d.exe

windows10-2004-x64

8

Sharing

General

Target

35675b0b76869f60fa5e003f937d5f5d
Size

55KB
Sample

231225-xdsmcsgab5
MD5

35675b0b76869f60fa5e003f937d5f5d
SHA1

29835a7c2aa46103ca326c20358ccc2a466077df
SHA256

29f1c15cba3e8f8657d6ff4babdf6da15cd3fa6dcb8b8c80b671620431b70dc2
SHA512

b62d37df67721d886c45b09be1474a1158f530a3bf5da26a32ce7728c9b3c8a836e4c80d57bf6d2086be64fe8504f98753acb8317bd7ce23382ba3393e8ace4e
SSDEEP

768:4ZPRAqcIvdy2wTh4o+uUqe1J0Sw1IR0Q8aIA7O/HNipFgkRZETTHOWgZVl01LCEi:4ZPRPcSk3eFJxQA0QPoNhTLCEaa2

Score

8^/10

adware persistence stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

35675b0b76869f60fa5e003f937d5f5d.exe

Resource

win7-20231215-en

adware persistence stealer upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

35675b0b76869f60fa5e003f937d5f5d.exe

Resource

win10v2004-20231215-en

adware persistence stealer upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  35675b0b76869f60fa5e003f937d5f5d
- Size
  
  55KB
- MD5
  
  35675b0b76869f60fa5e003f937d5f5d
- SHA1
  
  29835a7c2aa46103ca326c20358ccc2a466077df
- SHA256
  
  29f1c15cba3e8f8657d6ff4babdf6da15cd3fa6dcb8b8c80b671620431b70dc2
- SHA512
  
  b62d37df67721d886c45b09be1474a1158f530a3bf5da26a32ce7728c9b3c8a836e4c80d57bf6d2086be64fe8504f98753acb8317bd7ce23382ba3393e8ace4e
- SSDEEP
  
  768:4ZPRAqcIvdy2wTh4o+uUqe1J0Sw1IR0Q8aIA7O/HNipFgkRZETTHOWgZVl01LCEi:4ZPRPcSk3eFJxQA0QPoNhTLCEaa2
Score

8^/10

adware persistence stealer upx
- Sets DLL path for service in the registry
  persistence
- Deletes itself
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealerupx

behavioral2

adwarepersistencestealerupx

© 2018-2025

Terms | Privacy