Analysis

  • max time kernel: 154s
  • max time network: 139s
  • platform: windows7_x64
  • resource: win7-en-20211208
  • submitted: 19-02-2022 20:25

General

  • Target: 65d42c0cfa79bf744c4abe28ec4dbd868e279407d601c04f13b81090112f31a2.exe
  • Size: 605KB
  • MD5: 02cdcb26c34ba3befe7a34432724cfcb
  • SHA1: 1b2586fbb7d67605f935cf0196cbd2dfa54a1075
  • SHA256: 65d42c0cfa79bf744c4abe28ec4dbd868e279407d601c04f13b81090112f31a2
  • SHA512: 902ad741c5a7bd9a7b4dc0e84e9d0d318378635c09002c55f213e95cffad318401a5603513e5d9e9cc80d76dcfcc044b91f0b5ef1515e16106a775c2b8636b6b

Score: 10/10

Malware Config

Signatures

  • Upatre

    Upatre is a generic malware downloader.

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\65d42c0cfa79bf744c4abe28ec4dbd868e279407d601c04f13b81090112f31a2.exe (PID 952)
    Command line: "C:\Users\Admin\AppData\Local\Temp\65d42c0cfa79bf744c4abe28ec4dbd868e279407d601c04f13b81090112f31a2.exe"
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\szgfw.exe (PID 608)
      Command line: "C:\Users\Admin\AppData\Local\Temp\szgfw.exe"
      • Executes dropped EXE

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/952-55-0x0000000076B81000-0x0000000076B83000-memory.dmp (Filesize: 8KB)
  • memory/952-56-0x00000000003A0000-0x00000000003A1000-memory.dmp (Filesize: 4KB)