Analysis
- max time kernel: 150s
- max time network: 147s
- platform: windows10_x64
- resource: win10v20210410
- submitted: 15-05-2021 05:42
- Static task: static1
- Behavioral task: behavioral1
  Sample: 8186e6a8a8747a1b8f79b38fe39e7b408ea2aa35af176db36431b15dacf0d636.exe
  Resource: win7v20210408
- Behavioral task: behavioral2
  Sample: 8186e6a8a8747a1b8f79b38fe39e7b408ea2aa35af176db36431b15dacf0d636.exe
  Resource: win10v20210410
General
- Target: 8186e6a8a8747a1b8f79b38fe39e7b408ea2aa35af176db36431b15dacf0d636.exe
- Size: 35KB
- MD5: cfcd8e2d980e20e7ef68af9183b662f9
- SHA1: ac274727613272df00140e018f972ace602949fa
- SHA256: 8186e6a8a8747a1b8f79b38fe39e7b408ea2aa35af176db36431b15dacf0d636
- SHA512: d5b25190dcbb84b23958df7152289e93d568984fd0625b42c35f8ae32dd9858d8bbbb02e360e124b2c18388747db55d799c7c8ab866071f1c5f3658d480b47ad
Malware Config
Signatures
- Upatre
  Upatre is a generic malware downloader.
- Executes dropped EXE (1 IoC)
  Processes:
  pid 2460, process szgfw.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). The sandbox's generic description for this signature reads "Likely ransomware behaviour"; since the sample is classified above as Upatre, a downloader, treat this on its own as drive enumeration rather than evidence of file encryption.
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description | pid | process | target process), three separate write events from the parent into the dropped child:
  PID 3172 wrote to memory of 2460 | 3172 | 8186e6a8a8747a1b8f79b38fe39e7b408ea2aa35af176db36431b15dacf0d636.exe | szgfw.exe
  PID 3172 wrote to memory of 2460 | 3172 | 8186e6a8a8747a1b8f79b38fe39e7b408ea2aa35af176db36431b15dacf0d636.exe | szgfw.exe
  PID 3172 wrote to memory of 2460 | 3172 | 8186e6a8a8747a1b8f79b38fe39e7b408ea2aa35af176db36431b15dacf0d636.exe | szgfw.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\8186e6a8a8747a1b8f79b38fe39e7b408ea2aa35af176db36431b15dacf0d636.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\8186e6a8a8747a1b8f79b38fe39e7b408ea2aa35af176db36431b15dacf0d636.exe" (level 1)
  - Suspicious use of WriteProcessMemory
  PID: 3172
  - C:\Users\Admin\AppData\Local\Temp\szgfw.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\szgfw.exe" (level 2, child of PID 3172)
    - Executes dropped EXE
    PID: 2460
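The two behaviours the sandbox flagged on this process tree (a file dropped into the same Temp directory and then executed by its dropper, and the dropper writing into that child's memory) are straightforward to correlate from endpoint telemetry. The following is an added example, not code from the sandbox or the report: it runs a small correlation over constructed Sysmon-style events (Event ID 1 process create, 11 file create, 10 process access with a GrantedAccess mask) that mirror the report's PIDs 3172 and 2460 and image paths. The event shape, the parent PID 620, the 0x0028 access mask and the benign notepad control are assumptions; Sysmon records handle opens with an access mask rather than the WriteProcessMemory calls themselves, so the three constructed access events stand in for the report's three write IoCs.

```python
"""Correlate dropped-EXE execution with parent-to-child memory writes.

Added example; the events below are constructed to mirror the sandbox
report's process tree and are not exported from it.
"""

# Sysmon Event ID 10 GrantedAccess bit that permits WriteProcessMemory.
PROCESS_VM_WRITE = 0x0020

SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\8186e6a8a8747a1b8f79b38fe39e7b408ea2aa35af176db36431b15dacf0d636.exe")
DROPPED = r"C:\Users\Admin\AppData\Local\Temp\szgfw.exe"

# Constructed, chronological Sysmon-style events (field names are assumptions).
EVENTS = [
    {"id": 1, "pid": 3172, "ppid": 620, "image": SAMPLE},     # parent pid 620 assumed
    {"id": 11, "pid": 3172, "target": DROPPED},                 # sample writes szgfw.exe
    {"id": 1, "pid": 2460, "ppid": 3172, "image": DROPPED},    # dropped file executed
    {"id": 10, "src": 3172, "dst": 2460, "access": 0x0028},    # VM_WRITE | VM_OPERATION
    {"id": 10, "src": 3172, "dst": 2460, "access": 0x0028},    # three opens stand in for
    {"id": 10, "src": 3172, "dst": 2460, "access": 0x0028},    # the report's three writes
    # Benign control: notepad started by the same assumed parent, only queried.
    {"id": 1, "pid": 4100, "ppid": 620, "image": r"C:\Windows\System32\notepad.exe"},
    {"id": 10, "src": 620, "dst": 4100, "access": 0x1000},     # QUERY_LIMITED_INFORMATION
]


def triage(events):
    """Return {child pid: set of behaviour tags} for children that match.

    Tags: "executes dropped EXE" when a process image was written earlier by
    the process that now launches it; "parent wrote to child memory" when the
    direct parent opens the child with a mask that includes PROCESS_VM_WRITE.
    """
    procs = {}        # pid -> {"ppid": ..., "image": ...}
    dropped = set()   # (creator pid, lower-cased path) of .exe files written
    findings = {}

    for ev in events:
        if ev["id"] == 1:
            procs[ev["pid"]] = {"ppid": ev["ppid"], "image": ev["image"]}
            if (ev["ppid"], ev["image"].lower()) in dropped:
                findings.setdefault(ev["pid"], set()).add("executes dropped EXE")
        elif ev["id"] == 11 and ev["target"].lower().endswith(".exe"):
            dropped.add((ev["pid"], ev["target"].lower()))
        elif ev["id"] == 10:
            child = procs.get(ev["dst"])
            if child and child["ppid"] == ev["src"] and ev["access"] & PROCESS_VM_WRITE:
                findings.setdefault(ev["dst"], set()).add("parent wrote to child memory")
    return findings


def verdict(findings):
    """Both tags on one child is the report's pattern; rank it highest."""
    return {pid: ("high" if len(tags) == 2 else "low") for pid, tags in findings.items()}


if __name__ == "__main__":
    hits = triage(EVENTS)
    for pid, tags in hits.items():
        print(pid, procs_image := None, sorted(tags), verdict(hits)[pid])
```

Run stand-alone it reports only PID 2460 with both tags and a "high" verdict; the notepad control produces nothing because its parent opened it with a query-only mask. Keying the dropped-file set on the creator's PID is what makes the first tag specific: any process executing from Temp would be far too noisy on its own, whereas "the same process wrote the file and then launched it" is the downloader-drops-payload pattern this report shows.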
Network
MITRE ATT&CK Enterprise v6
Downloads
- MD5: a29de8212861a037729520db0eaa8c51
  SHA1: bb0a2d14bd8a3385862c883009c3ad71e2c88918
  SHA256: f42fcc49aed6ccbb6d2e2710b686a4c81f89bfa19af71a2225ee7f6c358004d4
  SHA512: 49926fcaa3899ac66453228310b4683843872a1fa2997b794fda120ebe76d43abed05f801f3d8f3505b77e17c31419f524edab09d4d2f8a8e4074b1f1271bcad