Overview

overview

7

Static

static

3

Bloxstrap-v2.7.0.exe

windows7-x64

3

Bloxstrap-v2.7.0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    112s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/10/2024, 01:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Bloxstrap-v2.7.0.exe

  • Size

    10.1MB

  • MD5

    2c752edef5b0aa0962a3e01c4c82a2fa

  • SHA1

    9c3afd1c63f2b0dbdc2dc487709471222d2cb81e

  • SHA256

    891846bf656253ca1cdd28584a28681e9604e2a03d74cd6b99313e3bff11daf8

  • SHA512

    04d25fe7d40c8c320ffc545a038ad6ea458df6a8a552b0e0393b369a03b9bf273c72f30169bd54e8eb10757c04bdddf3859c601c1eb9e1a12fe4d15658906dfe

  • SSDEEP

    98304:TYd5DQd5Dk9Tsed5DogTrBKvGWD3nIOYoHwfLk3vSmaR0+Mc4AN0edaAHDfysrT4:Tasx3vG6IObAbN0T

Score
7/10
discovery

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.7.0.exe
    "C:\Users\Admin\AppData\Local\Temp\Bloxstrap-v2.7.0.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4084
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x41c 0x328
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:7076
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultc9cda07fh3083h4a11ha200ha1f034cb767a
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1256
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa063946f8,0x7ffa06394708,0x7ffa06394718
      2⤵
        PID:4244
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,1214755245069029377,43749043797302071,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
        2⤵
          PID:3940
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,1214755245069029377,43749043797302071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1244
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,1214755245069029377,43749043797302071,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
          2⤵
            PID:1336
        • C:\Windows\System32\CompPkgSrv.exe
          C:\Windows\System32\CompPkgSrv.exe -Embedding
          1⤵
            PID:4604
          • C:\Windows\System32\CompPkgSrv.exe
            C:\Windows\System32\CompPkgSrv.exe -Embedding
            1⤵
              PID:4336

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
              Filesize

              152B

              MD5

              e443ee4336fcf13c698b8ab5f3c173d0

              SHA1

              9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

              SHA256

              79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

              SHA512

              cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
              Filesize

              5KB

              MD5

              488322c2c81628f239983a3acdcb1e16

              SHA1

              85acad3f21da454c2a608eab628ec2cc27ea0f8f

              SHA256

              50dd42b13952ca629ef0d54eefa212f34248ca6d85539ccb57987dcff412d924

              SHA512

              2193b4dbc8271ae83d29b96d34215baed766d5e2ecb1e432a087c9294ea7a127a0bb8191b23cc19b062fdd25ccd0813ae206835933026c42c2f609a8f9f74454

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
              Filesize

              8KB

              MD5

              3bec21015155d521a99f9a4c8adb46fd

              SHA1

              771ae2c5706bc983cc7b8b486abc0d20df56cb9d

              SHA256

              7642cc9dc80c4354c74cba13da9abd299898216580a49e17b6caf629c2c1d35b

              SHA512

              f385794115811b61de6c86629b57d738e815495477ffa67dcf6958b36ff1311d794c0ff963884f37b7ccd1c896fb8ccde8a7f27faa4e4761337d346ea7c53875

              Download Submit

            • memory/4084-0-0x00007FFA10D1B000-0x00007FFA10D1C000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4084-1-0x00007FFA10D1B000-0x00007FFA10D1C000-memory.dmp

              Filesize

              4KB

              Download