23fb92919059417d63da18028869fdb717db5e07ad305d9d244246492c67009c | Triage

Submit
Reports

Overview

overview

Static

static

8

23fb929190...9c.exe

windows7_x64

23fb929190...9c.exe

windows10-2004_x64

Sharing

General

Target

23fb92919059417d63da18028869fdb717db5e07ad305d9d244246492c67009c
Size

3.2MB
Sample

220520-3gh5zsghc2
MD5

164522c5805de5f7392cf0f81e67914f
SHA1

11da4bf6263230b0f740d0f602ee7b9d5bd00800
SHA256

23fb92919059417d63da18028869fdb717db5e07ad305d9d244246492c67009c
SHA512

7c3c8dbe99a9f1c4b7e6e06ecd84a209c224ee41490e358b978de90ee0b42d354e8d6bdcb4932d8465b63b500b67c057992de8c2dbf61d7cfce0cfea8e5e05da

Score

10^/10

evasion persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

23fb92919059417d63da18028869fdb717db5e07ad305d9d244246492c67009c.exe

Resource

win7-20220414-en

evasion persistence upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

23fb92919059417d63da18028869fdb717db5e07ad305d9d244246492c67009c.exe

Resource

win10v2004-20220414-en

evasion persistence upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  23fb92919059417d63da18028869fdb717db5e07ad305d9d244246492c67009c
- Size
  
  3.2MB
- MD5
  
  164522c5805de5f7392cf0f81e67914f
- SHA1
  
  11da4bf6263230b0f740d0f602ee7b9d5bd00800
- SHA256
  
  23fb92919059417d63da18028869fdb717db5e07ad305d9d244246492c67009c
- SHA512
  
  7c3c8dbe99a9f1c4b7e6e06ecd84a209c224ee41490e358b978de90ee0b42d354e8d6bdcb4932d8465b63b500b67c057992de8c2dbf61d7cfce0cfea8e5e05da
Score

10^/10

evasion persistence upx
- Modifies WinLogon for persistence
  persistence
- Modifies system executable filetype association
  persistence
- Disables RegEdit via registry modification
  evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Sets service image path in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Change Default File Association

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2024

Terms | Privacy