3cc8f7a93dc2fc176955af0d0b204f7c7323f767e99ed43a804547e2d5abd24b

Resubmissions

28/07/2024, 01:07

240728-bgph8aygjp 7

Analysis

max time kernel
66s
max time network
79s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
28/07/2024, 01:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Bloxstrap.exe
Size

10.3MB
MD5

ad8f7c62a4e70a5c0fdc57ae7b8a87c5
SHA1

7275528f291ab3c3dd24e25e4dee0c7446e9b7c6
SHA256

3cc8f7a93dc2fc176955af0d0b204f7c7323f767e99ed43a804547e2d5abd24b
SHA512

23d669bdd78b3be8fba23ac02fad4de21dd0a03cd88bca344258d17af8f602e1fe3bbc2dce377e10b3319651346bf545b82ecdc7cd0ad507784223b282c4d26b
SSDEEP

98304:xvd5Dsd5DkbTsed5D8+Da65vGWD35RGOYoHwfLk3vSmaR0+Mc4AN0edaAHDfysrz:xXspAvGURGObAbN0Q

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	Bloxstrap.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2676	Bloxstrap.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2676	Bloxstrap.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2676	Bloxstrap.exe

C:\Users\Admin\AppData\Local\Temp\Bloxstrap.exe
"C:\Users\Admin\AppData\Local\Temp\Bloxstrap.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2676
- C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2e10d35f26294ab6\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe
  "C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2e10d35f26294ab6\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe" /silent /install
  2⤵
  PID:5884
- - C:\Program Files (x86)\Microsoft\Temp\EU5A1C.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EU5A1C.tmp\MicrosoftEdgeUpdate.exe" /silent /install "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20Webview2%20Runtime&needsadmin=prefers"
    3⤵
    PID:4864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2e10d35f26294ab6\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

Filesize
1.5MB

MD5
610b1b60dc8729bad759c92f82ee2804

SHA1
9992b7ae7a9c4e17a0a6d58ffd91b14cbb576552

SHA256
921d51979f3416ca19dca13a057f6fd3b09d8741f3576cad444eb95af87ebe08

SHA512
0614c4e421ccd5f4475a690ba46aac5bbb7d15caea66e2961895724e07e1ec7ee09589ca9394f6b2bcfb2160b17ac53798d3cf40fb207b6e4c6381c8f81ab6b4

Download Submit
C:\Users\Admin\AppData\Local\Bloxstrap\Versions\version-2e10d35f26294ab6\WebView2RuntimeInstaller\MicrosoftEdgeWebview2Setup.exe

Filesize
581KB

MD5
5cd490ccc1b6540f7e8e6b9d82d081d9

SHA1
71fd67f9c5865b928f79934d6178595d940a98b4

SHA256
2d14e46a5e4f2f0e6fe1efa0a4582d5d31a7d125c419e7e09df358131161eca2

SHA512
e7e38946286d8e2a6f9b4a28869f6cf550a7eb0bd9a1dd01cea30034b0de17ba8167e1aa3122da345ecfe8e2bfbfe98f550b1f609e936f5fa8dacbd6ab0772f2

Download Submit
memory/2676-0-0x00007FFB22C7B000-0x00007FFB22C7C000-memory.dmp

Filesize
4KB

Download
memory/2676-3-0x00007FFB22C7B000-0x00007FFB22C7C000-memory.dmp

Filesize
4KB

Download