e505db3a1f3cc707a092462ba3997f54f6c125cbc8f502d0f33bf8e3b5f3962f | Triage

Submit
Reports

Overview

overview

9

Static

static

1

e505db3a1f...2f.exe

windows7_x64

9

e505db3a1f...2f.exe

windows10-2004_x64

9

Sharing

General

Target

e505db3a1f3cc707a092462ba3997f54f6c125cbc8f502d0f33bf8e3b5f3962f
Size

2.4MB
Sample

220520-g4vawaggdr
MD5

c9d8d20830f3b513e9c07c6f7d3b9270
SHA1

ef53837929f88ecc9aeb2d16bed2940eb8175d03
SHA256

e505db3a1f3cc707a092462ba3997f54f6c125cbc8f502d0f33bf8e3b5f3962f
SHA512

d8cf1ac44e1df0ff3bae6edfa2f59172576f02303709f4508de83916158c835599209942d5c8b3f4bbf32f5d872844ce1253c19cc4c8a4e565d32074c971123c

Score

9^/10

discovery exploit persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

e505db3a1f3cc707a092462ba3997f54f6c125cbc8f502d0f33bf8e3b5f3962f.exe

Resource

win7-20220414-en

discovery exploit persistence upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e505db3a1f3cc707a092462ba3997f54f6c125cbc8f502d0f33bf8e3b5f3962f.exe

Resource

win10v2004-20220414-en

discovery exploit persistence upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  e505db3a1f3cc707a092462ba3997f54f6c125cbc8f502d0f33bf8e3b5f3962f
- Size
  
  2.4MB
- MD5
  
  c9d8d20830f3b513e9c07c6f7d3b9270
- SHA1
  
  ef53837929f88ecc9aeb2d16bed2940eb8175d03
- SHA256
  
  e505db3a1f3cc707a092462ba3997f54f6c125cbc8f502d0f33bf8e3b5f3962f
- SHA512
  
  d8cf1ac44e1df0ff3bae6edfa2f59172576f02303709f4508de83916158c835599209942d5c8b3f4bbf32f5d872844ce1253c19cc4c8a4e565d32074c971123c
Score

9^/10

discovery exploit persistence upx
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Possible privilege escalation attempt
  exploit
- Sets DLL path for service in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Account Manipulation

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

File Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryexploitpersistenceupx

behavioral2

discoveryexploitpersistenceupx

© 2018-2024

Terms | Privacy