ca7d8290061ee2f2c0d429d4e1fc6dd932056da95926cb40cf42d0f7838654ae | Triage

Submit
Reports

Overview

overview

8

Static

static

1

download.png

windows11-21h2-x64

8

Sharing

General

Target

download.png
Size

4KB
Sample

240701-ch39fawelp
MD5

a46bbc94f4baa819cb0544242ba3c23e
SHA1

10994eb0610cdcd338bdfc31c95df4c4135797f7
SHA256

ca7d8290061ee2f2c0d429d4e1fc6dd932056da95926cb40cf42d0f7838654ae
SHA512

2bee13fd1648bb8187ffb44cf1c16393ebef0a8d3d5794cbcbb4abd94edf6286ef20dc4e16423f1f77fb376b00c2ee6ac674190d99cc0a2fdd75f3b3f8e481a6
SSDEEP

96:nt5a2NIgCkt074QegAgevgWNYNvy8qTzASBmncYpGqzkqqWy9h:rNwY0VNAgeIlVy3fA2Yvphw9h

Score

8^/10

adware persistence privilege_escalation stealer

Static task

static1

Behavioral task

behavioral1

Sample

download.png

Resource

win11-20240419-en

adware persistence privilege_escalation stealer

windows11-21h2-x64

24 signatures

1800 seconds

Malware Config

Targets

- Target
  
  download.png
- Size
  
  4KB
- MD5
  
  a46bbc94f4baa819cb0544242ba3c23e
- SHA1
  
  10994eb0610cdcd338bdfc31c95df4c4135797f7
- SHA256
  
  ca7d8290061ee2f2c0d429d4e1fc6dd932056da95926cb40cf42d0f7838654ae
- SHA512
  
  2bee13fd1648bb8187ffb44cf1c16393ebef0a8d3d5794cbcbb4abd94edf6286ef20dc4e16423f1f77fb376b00c2ee6ac674190d99cc0a2fdd75f3b3f8e481a6
- SSDEEP
  
  96:nt5a2NIgCkt074QegAgevgWNYNvy8qTzASBmncYpGqzkqqWy9h:rNwY0VNAgeIlVy3fA2Yvphw9h
Score

8^/10

adware persistence privilege_escalation stealer
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Defense Evasion

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarepersistenceprivilege_escalationstealer

© 2018-2025

Terms | Privacy