d7eb9189ebf572a0b196fbb798ec038ce364a562c14d77ecc523451bee81ebba | Triage

Submit
Reports

Overview

overview

Static

static

1

DriverPack...87.exe

windows7_x64

DriverPack...87.exe

windows10-2004_x64

Sharing

General

Target

DriverPack-17-Online_569590981.1586169787.exe
Size

6.4MB
Sample

220517-axy7xsfhek
MD5

f9d8113ccfaa00f5fb6d1c8d88613d16
SHA1

9cad0f98446f3cbe749084360b4e83104f93e9f8
SHA256

d7eb9189ebf572a0b196fbb798ec038ce364a562c14d77ecc523451bee81ebba
SHA512

d20969f552be9ff7455fe1cabc059f1818f9284c052aa0d9154384ada12ae3b01260ddbf3cec4274cf87c5bd50c594b5dce4fa915c4f5d38926414dae8efb8b9

Score

10^/10

google discovery evasion phishing suricata upx

Static task

static1

Behavioral task

behavioral1

Sample

DriverPack-17-Online_569590981.1586169787.exe

Resource

win7-20220414-en

google discovery evasion phishing suricata upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DriverPack-17-Online_569590981.1586169787.exe

Resource

win10v2004-20220414-en

google discovery evasion phishing suricata upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  DriverPack-17-Online_569590981.1586169787.exe
- Size
  
  6.4MB
- MD5
  
  f9d8113ccfaa00f5fb6d1c8d88613d16
- SHA1
  
  9cad0f98446f3cbe749084360b4e83104f93e9f8
- SHA256
  
  d7eb9189ebf572a0b196fbb798ec038ce364a562c14d77ecc523451bee81ebba
- SHA512
  
  d20969f552be9ff7455fe1cabc059f1818f9284c052aa0d9154384ada12ae3b01260ddbf3cec4274cf87c5bd50c594b5dce4fa915c4f5d38926414dae8efb8b9
Score

10^/10

google discovery evasion phishing suricata upx
- suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016 (WinHTTPRequest)
  suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016 (WinHTTPRequest)
  suricata
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Detected potential entity reuse from brand google.
  phishing google
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Security Software Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

googlediscoveryevasionphishingsuricataupx

behavioral2

googlediscoveryevasionphishingsuricataupx

© 2018-2024

Terms | Privacy