Analysis
- max time kernel: 150s
- max time network: 127s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 09-05-2021 15:05
Static task: static1
Behavioral task: behavioral1
- Sample: 2b8e9a78503b1181fd5ba6f41a4dc569938027d9c1fa8a89485daf1f261d85d4.exe
- Resource: win7v20210408
Behavioral task: behavioral2
- Sample: 2b8e9a78503b1181fd5ba6f41a4dc569938027d9c1fa8a89485daf1f261d85d4.exe
- Resource: win10v20210408
General
- Target: 2b8e9a78503b1181fd5ba6f41a4dc569938027d9c1fa8a89485daf1f261d85d4.exe
- Size: 37KB
- MD5: bd5c0741e738d306131f66392a01cf9a
- SHA1: 0798add046a8c30823fe9dd857bd159912d7570b
- SHA256: 2b8e9a78503b1181fd5ba6f41a4dc569938027d9c1fa8a89485daf1f261d85d4
- SHA512: 7e061a334e1ee743828e60fdd4ce901b785a15c010e75763922d2aa05e2bef51919d00e2594240d065d1b3a5fad3b43b6c7498b5e6142cefc0ef88722c341179
Malware Config
Signatures
- Upatre
  Upatre is a generic malware downloader.
- Executes dropped EXE (1 IoCs)
  Processes:
    pid | process
    204 | szgfw.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                      | pid  | process                                                              | target process
    PID 3492 wrote to memory of 204  | 3492 | 2b8e9a78503b1181fd5ba6f41a4dc569938027d9c1fa8a89485daf1f261d85d4.exe | szgfw.exe
    PID 3492 wrote to memory of 204  | 3492 | 2b8e9a78503b1181fd5ba6f41a4dc569938027d9c1fa8a89485daf1f261d85d4.exe | szgfw.exe
    PID 3492 wrote to memory of 204  | 3492 | 2b8e9a78503b1181fd5ba6f41a4dc569938027d9c1fa8a89485daf1f261d85d4.exe | szgfw.exe
Processes
- [1] C:\Users\Admin\AppData\Local\Temp\2b8e9a78503b1181fd5ba6f41a4dc569938027d9c1fa8a89485daf1f261d85d4.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\2b8e9a78503b1181fd5ba6f41a4dc569938027d9c1fa8a89485daf1f261d85d4.exe"
  PID: 3492
  - Suspicious use of WriteProcessMemory
  - [2] C:\Users\Admin\AppData\Local\Temp\szgfw.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\szgfw.exe"
    PID: 204
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v6
Downloads
- MD5: d3cb4e6fd4ea64da9b235eca71b80225
  SHA1: 81b35173c4f9523d3bd3c76c3840fb856855ad75
  SHA256: 280641be33f8dcac05fa638438044387c3f90650b7ed25f3c7b27ae7b5b7c0b2
  SHA512: cd6f15c47e0481c377de2b187cc47e9ef29f42929fb7de4059031f8e9b5417a9f65ac96b78095da70df02f5a735bc618b6101c015572e1d7c5b20b6ce7a6dbb8