46f4910316829f2386f742c69fdcfc147d9b606360b771d9386dfdfe82fcd621 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

46f4910316...21.exe

windows7_x64

9

46f4910316...21.exe

windows10-2004_x64

9

Sharing

General

Target

46f4910316829f2386f742c69fdcfc147d9b606360b771d9386dfdfe82fcd621
Size

2.5MB
Sample

220420-k55psaedf8
MD5

74fccc2acf0de830654ab8faf4b51aab
SHA1

9e20d74aa6c627435a9250827a6f15ecb2b4dce7
SHA256

46f4910316829f2386f742c69fdcfc147d9b606360b771d9386dfdfe82fcd621
SHA512

b3b35ef509b3c92a612c00d2004a27bf17d9a403346d07337ead4d6299c556f6d136cc88e396257734d456cfeb41c7cfc83f8054e2a665096776359e52f6a510

Score

9^/10

discovery exploit persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

46f4910316829f2386f742c69fdcfc147d9b606360b771d9386dfdfe82fcd621.exe

Resource

win7-20220414-en

discovery exploit persistence upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

46f4910316829f2386f742c69fdcfc147d9b606360b771d9386dfdfe82fcd621.exe

Resource

win10v2004-20220414-en

discovery exploit persistence upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  46f4910316829f2386f742c69fdcfc147d9b606360b771d9386dfdfe82fcd621
- Size
  
  2.5MB
- MD5
  
  74fccc2acf0de830654ab8faf4b51aab
- SHA1
  
  9e20d74aa6c627435a9250827a6f15ecb2b4dce7
- SHA256
  
  46f4910316829f2386f742c69fdcfc147d9b606360b771d9386dfdfe82fcd621
- SHA512
  
  b3b35ef509b3c92a612c00d2004a27bf17d9a403346d07337ead4d6299c556f6d136cc88e396257734d456cfeb41c7cfc83f8054e2a665096776359e52f6a510
Score

9^/10

discovery exploit persistence upx
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Possible privilege escalation attempt
  exploit
- Sets DLL path for service in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Account Manipulation

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

File Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryexploitpersistenceupx

behavioral2

discoveryexploitpersistenceupx

© 2018-2024

Terms | Privacy