ad96e8e2dc661d59e25a8d7f2f3f1a79f4b0736f69d34a3bd0b4ba67357e8cce | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

ad96e8e2dc...ce.exe

windows7-x64

ad96e8e2dc...ce.exe

windows10-2004-x64

Sharing

General

Target

ad96e8e2dc661d59e25a8d7f2f3f1a79f4b0736f69d34a3bd0b4ba67357e8cce
Size

446KB
Sample

240406-bykxcshb62
MD5

7117337199731d38da136f6f472fbb7a
SHA1

be11f1e3de5d90c06ea5e76648f36a00266cf7de
SHA256

ad96e8e2dc661d59e25a8d7f2f3f1a79f4b0736f69d34a3bd0b4ba67357e8cce
SHA512

446f935e5510303e37a13abf7ee5ddc13a76bda6bfff5fe9a3e472cfe71f41eab61c7884f77cb7c4df5b6c6717c72985039efed789d5f7907df3879eb2a31f92
SSDEEP

12288:gQ+Qu9yus9exo/2oweeKie/fU94ieeZXnAeou:8I9exo/2TeeKie/fe4ieepnAeou

Score

10^/10

adware persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ad96e8e2dc661d59e25a8d7f2f3f1a79f4b0736f69d34a3bd0b4ba67357e8cce.exe

Resource

win7-20240221-en

adware persistence stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

ad96e8e2dc661d59e25a8d7f2f3f1a79f4b0736f69d34a3bd0b4ba67357e8cce.exe

Resource

win10v2004-20240226-en

adware persistence stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  ad96e8e2dc661d59e25a8d7f2f3f1a79f4b0736f69d34a3bd0b4ba67357e8cce
- Size
  
  446KB
- MD5
  
  7117337199731d38da136f6f472fbb7a
- SHA1
  
  be11f1e3de5d90c06ea5e76648f36a00266cf7de
- SHA256
  
  ad96e8e2dc661d59e25a8d7f2f3f1a79f4b0736f69d34a3bd0b4ba67357e8cce
- SHA512
  
  446f935e5510303e37a13abf7ee5ddc13a76bda6bfff5fe9a3e472cfe71f41eab61c7884f77cb7c4df5b6c6717c72985039efed789d5f7907df3879eb2a31f92
- SSDEEP
  
  12288:gQ+Qu9yus9exo/2oweeKie/fU94ieeZXnAeou:8I9exo/2TeeKie/fe4ieepnAeou
Score

10^/10

adware persistence stealer
- Modifies WinLogon for persistence
  persistence
- UPX dump on OEP (original entry point)
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Browser Extensions

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistencestealer

behavioral2

adwarepersistencestealer

© 2018-2025

Terms | Privacy