General

  • Target

    11.exe

  • Size

    1MB

  • Sample

    210507-trk9rzx5f2

  • MD5

    1fc1c860e86a8fbc2021d2567d62f703

  • SHA1

    42ea2c9f4548614574dff36e019ae1cbc68b54e3

  • SHA256

    76005ce2b7eb0c95f8dcc06b501244c73b17b3aff65e78c672c4a6ae56e67306

  • SHA512

    fb48f1837601a1bc7b2057d086414bc4a8478d3a3f17ea216e424d7d7509b825e35be8c7b6afb7ec91604058b2e4e230f8daba46fc04b30d3e0e1b473c20b67c

Score
8/10

Malware Config

Targets

    • Executes dropped EXE

    • Sets DLL path for service in the registry

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Deletes itself

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder: T1060 (1)

  • Defense Evasion

    Modify Registry: T1112 (1)
