1cbef57927e013839abbd5a6e996b5f331ade9268c2962a411c77f60f321b144 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

2d7d74c820...0N.exe

windows7-x64

7

2d7d74c820...0N.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

2d7d74c8204fe26ebd41564b92a80b80N
Size

6.4MB
Sample

240909-ssf5naxdqb
MD5

2d7d74c8204fe26ebd41564b92a80b80
SHA1

9425f442d8f6d7b0833609862df97b72296e4dde
SHA256

1cbef57927e013839abbd5a6e996b5f331ade9268c2962a411c77f60f321b144
SHA512

b3a20058bc2ac12b493db5126edc5f9d544d4ffbc092e10037be440cf4b62a6871591dbe3151fd5d9f38c1ec72bfc0ae23c84d8f502f528ebb63de737a1138e9
SSDEEP

98304:hYvYJfLxtX3euZ4/853/4v4tQYgHl4rbTZvTRHYUaxNpbopTjYvH:WY5LxtE/bvOgHUTRBaPpKv

Score

8^/10

discovery evasion persistence privilege_escalation spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2d7d74c8204fe26ebd41564b92a80b80N.exe

Resource

win7-20240704-en

discovery evasion spyware stealer trojan

windows7-x64

21 signatures

120 seconds

Behavioral task

behavioral2

Sample

2d7d74c8204fe26ebd41564b92a80b80N.exe

Resource

win10v2004-20240802-en

discovery evasion persistence privilege_escalation spyware stealer trojan

windows10-2004-x64

26 signatures

120 seconds

Malware Config

Targets

- Target
  
  2d7d74c8204fe26ebd41564b92a80b80N
- Size
  
  6.4MB
- MD5
  
  2d7d74c8204fe26ebd41564b92a80b80
- SHA1
  
  9425f442d8f6d7b0833609862df97b72296e4dde
- SHA256
  
  1cbef57927e013839abbd5a6e996b5f331ade9268c2962a411c77f60f321b144
- SHA512
  
  b3a20058bc2ac12b493db5126edc5f9d544d4ffbc092e10037be440cf4b62a6871591dbe3151fd5d9f38c1ec72bfc0ae23c84d8f502f528ebb63de737a1138e9
- SSDEEP
  
  98304:hYvYJfLxtX3euZ4/853/4v4tQYgHl4rbTZvTRHYUaxNpbopTjYvH:WY5LxtE/bvOgHUTRBaPpKv
Score

8^/10

discovery evasion spyware stealer trojan persistence privilege_escalation
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Image File Execution Options Injection

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionspywarestealertrojan

behavioral2

discoveryevasionpersistenceprivilege_escalationspywarestealertrojan

© 2018-2025

Terms | Privacy