Overview

overview

10

Static

static

8546ea8b15...54.exe

windows7_x64

10

8546ea8b15...54.exe

windows10_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    08-05-2021 20:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8546ea8b1504e11b0cc6fe444a733c572b142ea0931008414dfd6f7d011a2054.exe

  • Size

    29KB

  • MD5

    e1b272e706713435dd3744c91f319286

  • SHA1

    0f11fb5cc6e5fa16da99ea30257ca5e9b75c2d1e

  • SHA256

    8546ea8b1504e11b0cc6fe444a733c572b142ea0931008414dfd6f7d011a2054

  • SHA512

    5788761c5a389f35f627faef512c8f51859a8b050c9d6b413e38004616a93322a0938ebf2c378a71b518b9ac3dbc4a9c8bd6e9d0153b926e28666fb3213aab0c

Score
10/10
upatredownloader

Malware Config

Signatures

  • Upatre

    Upatre is a generic malware downloader.

    downloaderupatre
  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8546ea8b1504e11b0cc6fe444a733c572b142ea0931008414dfd6f7d011a2054.exe
    "C:\Users\Admin\AppData\Local\Temp\8546ea8b1504e11b0cc6fe444a733c572b142ea0931008414dfd6f7d011a2054.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3952
    • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
      "C:\Users\Admin\AppData\Local\Temp\szgfw.exe"
      2⤵
      • Executes dropped EXE
      PID:2932

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2932-118-0x0000000000410000-0x00000000004BE000-memory.dmp

    Filesize

    696KB

    Download

  • memory/3952-117-0x0000000000570000-0x0000000000571000-memory.dmp

    Filesize

    4KB

    Download