Overview

overview

10

Static

static

DriverUpda...45.exe

windows7_x64

1

DriverUpda...45.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DriverUpdate-setup-787b5068-7237-4eb5-af86-4038ded17345.exe

  • Size

    690KB

  • Sample

    210119-ykmrlnb7px

  • MD5

    9b57d8f7ebf2e307a02430be0a1cdab1

  • SHA1

    15aa078a2e52d95702a35a9d7cff2ec352c73913

  • SHA256

    92dd3781f16d24879509cc96d5a8d3a648ba0249e7da7b1f829e0d4bc455528a

  • SHA512

    387f35d43d2c8e6c1de420e6e3a4b73dc5822901761a2ca4d6e58a0579545ef441dfe3d86dbd1bc0b088f3fa302d13d98c544d6e4491fee9e88c8c0609cecb42

Score
10/10
persistenceupx

Malware Config

Targets

    • Target

      DriverUpdate-setup-787b5068-7237-4eb5-af86-4038ded17345.exe

    • Size

      690KB

    • MD5

      9b57d8f7ebf2e307a02430be0a1cdab1

    • SHA1

      15aa078a2e52d95702a35a9d7cff2ec352c73913

    • SHA256

      92dd3781f16d24879509cc96d5a8d3a648ba0249e7da7b1f829e0d4bc455528a

    • SHA512

      387f35d43d2c8e6c1de420e6e3a4b73dc5822901761a2ca4d6e58a0579545ef441dfe3d86dbd1bc0b088f3fa302d13d98c544d6e4491fee9e88c8c0609cecb42

    Score
    10/10
    persistenceupx

    • Registers COM server for autorun

      persistence

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • JavaScript code in executable

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks