Overview

overview

10

Static

static

dea0e56e_b...is.exe

windows7_x64

10

dea0e56e_b...is.exe

windows10_x64

10

Analysis

  • max time kernel
    151s
  • max time network
    12s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    05/05/2021, 10:03

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    dea0e56e_by_Libranalysis.exe

  • Size

    6KB

  • MD5

    dea0e56e4ce2fafb80ace3b818eb44fe

  • SHA1

    ce252a12317c0d0cac83b87a76db375baf05cb94

  • SHA256

    7393f83f5d24d5c64e2c0298133f5052404250dfda167591019057b574ed8d1b

  • SHA512

    d04ba2daa722bc929628605cc0dfa4bc2ae34e485d13685a8f8a5747754c88915f32621363955640cac49c890ac01136aef7444d3fd62ab26be048ebae50e4ee

Score
10/10
upatredownloader

Malware Config

Signatures

  • Upatre

    Upatre is a generic malware downloader.

    downloaderupatre
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dea0e56e_by_Libranalysis.exe
    "C:\Users\Admin\AppData\Local\Temp\dea0e56e_by_Libranalysis.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:308
    • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
      "C:\Users\Admin\AppData\Local\Temp\szgfw.exe"
      2⤵
      • Executes dropped EXE
      PID:2028

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/308-59-0x0000000075A31000-0x0000000075A33000-memory.dmp

          Filesize

          8KB

          Download