9e9c32badb52444ca8a8726aef7c220ff48de8c7916cdfdca4dff6e009ac1f0c | Triage

Submit
Reports

Overview

overview

7

Static

static

3

OpenShellS...91.exe

windows10-ltsc 2021-x64

7

Sharing

General

Target

OpenShellSetup_4_4_191.exe
Size

7.9MB
Sample

241111-pwhacazcnf
MD5

e0484fd1e79a0227a5923cdc95b511ba
SHA1

bea0cb5c42adbde14e8cf50b64982e1877c7855d
SHA256

9e9c32badb52444ca8a8726aef7c220ff48de8c7916cdfdca4dff6e009ac1f0c
SHA512

80f8b0ac16dfbf7df640a69b0f05ec9e002e09ed1d7c84d231db00422972c5a02ddef616570d4e7488f697c28933bbf27e5175db61b8cbd2403203b6e30bf431
SSDEEP

196608:B+s5T8f3Hb+IcrthtV80y85WDe+qHw7aJvRt5Oj8GWDAqr:BbT8j+9JkNDJQGuRFDj

Score

7^/10

adware discovery persistence privilege_escalation stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

OpenShellSetup_4_4_191.exe

Resource

win10ltsc2021-20241023-en

adware discovery persistence privilege_escalation stealer

windows10-ltsc 2021-x64

23 signatures

300 seconds

Malware Config

Targets

- Target
  
  OpenShellSetup_4_4_191.exe
- Size
  
  7.9MB
- MD5
  
  e0484fd1e79a0227a5923cdc95b511ba
- SHA1
  
  bea0cb5c42adbde14e8cf50b64982e1877c7855d
- SHA256
  
  9e9c32badb52444ca8a8726aef7c220ff48de8c7916cdfdca4dff6e009ac1f0c
- SHA512
  
  80f8b0ac16dfbf7df640a69b0f05ec9e002e09ed1d7c84d231db00422972c5a02ddef616570d4e7488f697c28933bbf27e5175db61b8cbd2403203b6e30bf431
- SSDEEP
  
  196608:B+s5T8f3Hb+IcrthtV80y85WDe+qHw7aJvRt5Oj8GWDAqr:BbT8j+9JkNDJQGuRFDj
Score

7^/10

adware discovery persistence privilege_escalation stealer
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Installs/modifies Browser Helper Object
  BHOs are DLL modules which act as plugins for Internet Explorer.
  stealer adware
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Browser Extensions

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

adwarediscoverypersistenceprivilege_escalationstealer

© 2018-2024

Terms | Privacy