b98f423ef45672dfd08e36f1ed2279b8a4a7c797a34a3349507bf6e68a95eb8c | Triage

Submit
Reports

Overview

overview

7

Static

static

1

img100 (8).png

windows10-ltsc 2021-x64

7

Sharing

General

Target

img100 (8).png
Size

1.4MB
Sample

241110-tk5cyszkey
MD5

f1ad1ff08db4b54537c40d9ea369a4b4
SHA1

e0a87b82a6a080e8fa78d22cd5b8a2fa2d2dd241
SHA256

b98f423ef45672dfd08e36f1ed2279b8a4a7c797a34a3349507bf6e68a95eb8c
SHA512

558e8b18efc83846944180e8eba397784aaa37bef20744277fa521b99ddeaea9c15003dd8cc494d7f3737135f9b7b59c4634ff0d19fc3dae89e0aa17658d61f8
SSDEEP

24576:/12hYitTBAc+64EvTBJg47tO9QU1poyGneUlAGG+pxtvR4WH/DqOtum1IhZ:/1YYitTBAcXh1Jg+tOWupFUlAV0dqOtC

Score

7^/10

adware discovery persistence privilege_escalation stealer

Static task

static1

Behavioral task

behavioral1

Sample

img100 (8).png

Resource

win10ltsc2021-20241023-en

adware discovery persistence privilege_escalation stealer

windows10-ltsc 2021-x64

23 signatures

1800 seconds

Malware Config

Targets

- Target
  
  img100 (8).png
- Size
  
  1.4MB
- MD5
  
  f1ad1ff08db4b54537c40d9ea369a4b4
- SHA1
  
  e0a87b82a6a080e8fa78d22cd5b8a2fa2d2dd241
- SHA256
  
  b98f423ef45672dfd08e36f1ed2279b8a4a7c797a34a3349507bf6e68a95eb8c
- SHA512
  
  558e8b18efc83846944180e8eba397784aaa37bef20744277fa521b99ddeaea9c15003dd8cc494d7f3737135f9b7b59c4634ff0d19fc3dae89e0aa17658d61f8
- SSDEEP
  
  24576:/12hYitTBAc+64EvTBJg47tO9QU1poyGneUlAGG+pxtvR4WH/DqOtum1IhZ:/1YYitTBAcXh1Jg+tOWupFUlAV0dqOtC
Score

7^/10

adware discovery persistence privilege_escalation stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

Event Triggered Execution

Component Object Model Hijacking

Privilege Escalation

Event Triggered Execution

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistenceprivilege_escalationstealer

© 2018-2024

Terms | Privacy