Analysis
- max time kernel: 150s
- max time network: 135s
- platform: windows10_x64
- resource: win10v20210410
- submitted: 09-05-2021 18:53
Static task: static1
Behavioral task: behavioral1
- Sample: 5b7007210f130243a87a24f019485da6807c1768dd4d0a4429ef9d00692de5c7.exe
- Resource: win7v20210410
Behavioral task: behavioral2
- Sample: 5b7007210f130243a87a24f019485da6807c1768dd4d0a4429ef9d00692de5c7.exe
- Resource: win10v20210410
General
- Target: 5b7007210f130243a87a24f019485da6807c1768dd4d0a4429ef9d00692de5c7.exe
- Size: 34KB
- MD5: ed7ba34b6aff9d55965b543dd3c4b670
- SHA1: e8ebd238d18e1690e3b814a3f9088d4751efd02f
- SHA256: 5b7007210f130243a87a24f019485da6807c1768dd4d0a4429ef9d00692de5c7
- SHA512: 2a0dc999f2af5478178b1e5dca9a81ebfdaa284ff050a9834c707fe2057ce062c0118f1c554794dc87dffba36c066ff29d6692a4c29406e898f3422fad8b7fcb
Malware Config
Signatures
- Upatre
  Upatre is a generic malware downloader.
- Executes dropped EXE (1 IoC)
  Processes:
    pid: 744, process: szgfw.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description, pid, process, target process):
    PID 3172 wrote to memory of 744; pid: 3172; process: 5b7007210f130243a87a24f019485da6807c1768dd4d0a4429ef9d00692de5c7.exe; target process: szgfw.exe
    PID 3172 wrote to memory of 744; pid: 3172; process: 5b7007210f130243a87a24f019485da6807c1768dd4d0a4429ef9d00692de5c7.exe; target process: szgfw.exe
    PID 3172 wrote to memory of 744; pid: 3172; process: 5b7007210f130243a87a24f019485da6807c1768dd4d0a4429ef9d00692de5c7.exe; target process: szgfw.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\5b7007210f130243a87a24f019485da6807c1768dd4d0a4429ef9d00692de5c7.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\5b7007210f130243a87a24f019485da6807c1768dd4d0a4429ef9d00692de5c7.exe"
  PID: 3172
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\szgfw.exe (child of PID 3172)
    Command line: "C:\Users\Admin\AppData\Local\Temp\szgfw.exe"
    PID: 744
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v6
Downloads
- MD5: 42c33b4e2cf48c5156f71f61d866e6c1
  SHA1: 473d9b1e7dd6563c7902f24f1c43c5b13bebe7e4
  SHA256: ed7fee3500f6d467ce1cbe0c78fcf652ff94780e4c7d1d42e02e7c285c8db9ad
  SHA512: 9fbe51d8901a2c1cd1d5cf8a2d42c961acf5fb956fdae7ae855625a57c63ee814c44fda32dd07097df2e3e1e91be206f54a5cf177b37bf5e71515eec186105fe