57e17fa18d3864f208ee2636681b8ac0142625f0cb7f6929e15b63b350c99703 | Triage

Submit
Reports

Overview

overview

Static

static

app.exe

windows7_x64

app.exe

windows10_x64

Sharing

General

Target

app.exe
Size

3.9MB
Sample

201117-cw2dvzpta6
MD5

4326312f9b727db3ce640416919b4373
SHA1

462a3b5ba5bcdf4ea32d967ca0f7c90cbc191317
SHA256

57e17fa18d3864f208ee2636681b8ac0142625f0cb7f6929e15b63b350c99703
SHA512

4a5bb0167e2bf6553c3fa8bb6e85d6295be7ec63789a019b6afbe39119c0698e9841969df7d3cf53725ff19a9d796719fca3b94803e07df70d223c6f7af349d5

Score

10^/10

discovery evasion persistence trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

app.exe

Resource

win7v20201028

discovery evasion persistence trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

app.exe

Resource

win10v20201028

discovery evasion persistence trojan upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  app.exe
- Size
  
  3.9MB
- MD5
  
  4326312f9b727db3ce640416919b4373
- SHA1
  
  462a3b5ba5bcdf4ea32d967ca0f7c90cbc191317
- SHA256
  
  57e17fa18d3864f208ee2636681b8ac0142625f0cb7f6929e15b63b350c99703
- SHA512
  
  4a5bb0167e2bf6553c3fa8bb6e85d6295be7ec63789a019b6afbe39119c0698e9841969df7d3cf53725ff19a9d796719fca3b94803e07df70d223c6f7af349d5
Score

10^/10

discovery evasion persistence trojan upx
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Windows security bypass
  evasion trojan
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- JavaScript code in executable
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Disabling Security Tools

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencetrojanupx

behavioral2

discoveryevasionpersistencetrojanupx

© 2018-2024

Terms | Privacy