aa4fb5117829cc5db055647ef8a25e0c5cadef1032f5b6f84b600cb48d9b7912 | Triage

Submit
Reports

Overview

overview

Static

static

5

aa4fb51178...12.exe

windows7-x64

aa4fb51178...12.exe

windows10-2004-x64

5

Sharing

General

Target

aa4fb5117829cc5db055647ef8a25e0c5cadef1032f5b6f84b600cb48d9b7912
Size

38KB
Sample

241111-ck9h8stlal
MD5

51b4b6d3139c77d3bb6fe3b6bd7a3651
SHA1

3d75b85da0618a66719a590104692c652b4d91b1
SHA256

aa4fb5117829cc5db055647ef8a25e0c5cadef1032f5b6f84b600cb48d9b7912
SHA512

602a25e4606bc0d3713461af8d82c6b276f072fb38467c24e05258aa487d43925e6b6e5d61eaf38aa9a34aaa84d33939ff1a8240269ee3e998a3c9ffc5369b00
SSDEEP

768:aHpqwkfEY6GmDvRwlNoJfiqFMkBh5e6BXZgB4e:aHpXkfhitgQiqFd5XZgCe

Score

10^/10

adware defense_evasion discovery evasion persistence stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

aa4fb5117829cc5db055647ef8a25e0c5cadef1032f5b6f84b600cb48d9b7912.exe

Resource

win7-20241023-en

adware defense_evasion discovery evasion persistence stealer upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

aa4fb5117829cc5db055647ef8a25e0c5cadef1032f5b6f84b600cb48d9b7912.exe

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  aa4fb5117829cc5db055647ef8a25e0c5cadef1032f5b6f84b600cb48d9b7912
- Size
  
  38KB
- MD5
  
  51b4b6d3139c77d3bb6fe3b6bd7a3651
- SHA1
  
  3d75b85da0618a66719a590104692c652b4d91b1
- SHA256
  
  aa4fb5117829cc5db055647ef8a25e0c5cadef1032f5b6f84b600cb48d9b7912
- SHA512
  
  602a25e4606bc0d3713461af8d82c6b276f072fb38467c24e05258aa487d43925e6b6e5d61eaf38aa9a34aaa84d33939ff1a8240269ee3e998a3c9ffc5369b00
- SSDEEP
  
  768:aHpqwkfEY6GmDvRwlNoJfiqFMkBh5e6BXZgB4e:aHpXkfhitgQiqFd5XZgCe
Score

10^/10

adware defense_evasion discovery evasion persistence stealer upx
- Modifies firewall policy service
  evasion
- Drops file in Drivers directory
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Deletes itself
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Loads dropped DLL
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Modifies WinLogon
  persistence
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Winlogon Helper DLL

Browser Extensions

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Winlogon Helper DLL

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Safe Mode Boot

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwaredefense_evasiondiscoveryevasionpersistencestealerupx

behavioral2

© 2018-2024

Terms | Privacy