Overview

overview

10

Static

static

7fa37440e0...69.exe

windows7_x64

10

7fa37440e0...69.exe

windows10_x64

10

Analysis

  • max time kernel
    150s
  • max time network
    46s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    17/05/2021, 09:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7fa37440e0322c2a1bf3f4bbf272afc6d74e6ca68a8fde08467b95bd8ab38b69.exe

  • Size

    602KB

  • MD5

    0caddb2ff4cf3915676a0f1119cc5048

  • SHA1

    571570f454c118970800ab24e629766e3c7f9259

  • SHA256

    7fa37440e0322c2a1bf3f4bbf272afc6d74e6ca68a8fde08467b95bd8ab38b69

  • SHA512

    757ed6bcdc4a4240b7d83b2d603132d4bd6aed4a9a3eb93b2a2fd474393d158c89e1378010b12de1c9b84e6537301318e21c17d0f15422260baaf14b1eae49c8

Score
10/10
upatredownloader

Malware Config

Signatures

  • Upatre

    Upatre is a generic malware downloader.

    downloaderupatre
  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7fa37440e0322c2a1bf3f4bbf272afc6d74e6ca68a8fde08467b95bd8ab38b69.exe
    "C:\Users\Admin\AppData\Local\Temp\7fa37440e0322c2a1bf3f4bbf272afc6d74e6ca68a8fde08467b95bd8ab38b69.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:636
    • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
      "C:\Users\Admin\AppData\Local\Temp\szgfw.exe"
      2⤵
      • Executes dropped EXE
      PID:2860

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/636-117-0x0000000000460000-0x0000000000461000-memory.dmp

    Filesize

    4KB

    Download