Resubmissions
28/07/2024, 01:07
240728-bgph8aygjp 7Analysis
max time kernel: 66s
max time network: 79s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28/07/2024, 01:07
Static task: static1
Behavioral task: behavioral1
  Sample: Bloxstrap.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: Bloxstrap.exe
  Resource: win10v2004-20240709-en
General
Target: Bloxstrap.exe
Size: 10.3MB
MD5: ad8f7c62a4e70a5c0fdc57ae7b8a87c5
SHA1: 7275528f291ab3c3dd24e25e4dee0c7446e9b7c6
SHA256: 3cc8f7a93dc2fc176955af0d0b204f7c7323f767e99ed43a804547e2d5abd24b
SHA512: 23d669bdd78b3be8fba23ac02fad4de21dd0a03cd88bca344258d17af8f602e1fe3bbc2dce377e10b3319651346bf545b82ecdc7cd0ad507784223b282c4d26b
SSDEEP: 98304:xvd5Dsd5DkbTsed5D8+Da65vGWD35RGOYoHwfLk3vSmaR0+Mc4AN0edaAHDfysrz:xXspAvGURGObAbN0Q
Malware Config
Signatures
Checks computer location settings (2 TTPs, 1 IoCs)
  Looks up country code configured in the registry, likely geofence.
  description: Key value queried
  ioc: \REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation
  Process: Bloxstrap.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description: Token: SeDebugPrivilege
  pid: 2676
  Process: Bloxstrap.exe
Suspicious use of FindShellTrayWindow (1 IoCs)
  pid: 2676
  Process: Bloxstrap.exe
Suspicious use of SendNotifyMessage (1 IoCs)
  pid: 2676
  Process: Bloxstrap.exe
Processes
1. C:\Users\Admin\AppData\Local\Temp\Bloxstrap.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\Bloxstrap.exe"
   PID: 2676
   - Checks computer location settings
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of FindShellTrayWindow
   - Suspicious use of SendNotifyMessage
   2. C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2e10d35f26294ab6\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
      Command line: "C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2e10d35f26294ab6\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe" /silent /install
      PID: 5884
      3. C:\Program Files (x86)\Microsoft\Temp\EU5A1C.tmp\MicrosoftEdgeUpdate.exe
         Command line: "C:\Program Files (x86)\Microsoft\Temp\EU5A1C.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
         PID: 4864
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2e10d35f26294ab6\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
  Filesize: 1.5MB
  MD5: 610b1b60dc8729bad759c92f82ee2804
  SHA1: 9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552
  SHA256: 921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08
  SHA512: 0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2e10d35f26294ab6\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
  Filesize: 581KB
  MD5: 5cd490ccc1b6540f7e8e6b9d82d081d9
  SHA1: 71fd67f9c5865b928f79934d6178595d940a98b4
  SHA256: 2d14e46a5e4f2f0e6fe1efa0a4582d5d31a7d125c419e7e09df358131161eca2
  SHA512: e7e38946286d8e2a6f9b4a28869f6cf550a7eb0bd9a1dd01cea30034b0de17ba8167e1aa3122da345ecfe8e2bfbfe98f550b1f609e936f5fa8dacbd6ab0772f2