6fda453aaf860ae8d48167f722685abfe2dbf70ba3145381757f921caf8673ba | Triage

Submit
Reports

Overview

overview

9

Static

static

1

6fda453aaf...ba.exe

windows7_x64

9

6fda453aaf...ba.exe

windows10-2004_x64

9

Sharing

General

Target

6fda453aaf860ae8d48167f722685abfe2dbf70ba3145381757f921caf8673ba
Size

2.2MB
Sample

220309-sp2beshgg8
MD5

f8c8ebd884d22e0866c217d24c16042f
SHA1

0b9a6f2e1d735dae6f979c4bb357b565614b721d
SHA256

6fda453aaf860ae8d48167f722685abfe2dbf70ba3145381757f921caf8673ba
SHA512

3114b0e3984f6d566378a7dcda39ab6f48da57b71462f283e28d94e980b85d93f5a4e84ab74e3a83e90f8f148a768684fd45585fd7844207f448baeb93bc4787

Score

9^/10

discovery exploit persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

6fda453aaf860ae8d48167f722685abfe2dbf70ba3145381757f921caf8673ba.exe

Resource

win7-en-20211208

discovery exploit persistence upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

6fda453aaf860ae8d48167f722685abfe2dbf70ba3145381757f921caf8673ba.exe

Resource

win10v2004-en-20220112

discovery exploit persistence upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  6fda453aaf860ae8d48167f722685abfe2dbf70ba3145381757f921caf8673ba
- Size
  
  2.2MB
- MD5
  
  f8c8ebd884d22e0866c217d24c16042f
- SHA1
  
  0b9a6f2e1d735dae6f979c4bb357b565614b721d
- SHA256
  
  6fda453aaf860ae8d48167f722685abfe2dbf70ba3145381757f921caf8673ba
- SHA512
  
  3114b0e3984f6d566378a7dcda39ab6f48da57b71462f283e28d94e980b85d93f5a4e84ab74e3a83e90f8f148a768684fd45585fd7844207f448baeb93bc4787
Score

9^/10

discovery exploit persistence upx
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Possible privilege escalation attempt
  exploit
- Sets DLL path for service in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Account Manipulation

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

File Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryexploitpersistenceupx

behavioral2

discoveryexploitpersistenceupx

© 2018-2024

Terms | Privacy