503d1d7af2c9ffa6d7d12e67e6be98c5b004cdd0192784a2eb26c667111e43e9 | Triage

Submit
Reports

Overview

overview

9

Static

static

503d1d7af2...e9.exe

windows7_x64

9

503d1d7af2...e9.exe

windows10-2004_x64

9

Sharing

General

Target

503d1d7af2c9ffa6d7d12e67e6be98c5b004cdd0192784a2eb26c667111e43e9
Size

6.4MB
Sample

220520-wfzysaebdq
MD5

9703cd46017b9e58d149b310a9769bf4
SHA1

111899150647f348b710d3afba7b401a26a32005
SHA256

503d1d7af2c9ffa6d7d12e67e6be98c5b004cdd0192784a2eb26c667111e43e9
SHA512

b3c70f08bce0b7cce6c198d630cd8a13ffc256c9e12456e9306594da7a4805ccc456a1d859c9daaea7de0f63fe35d297cb5d326e482af483cbcf4de8e67352f1

Score

9^/10

bootkit discovery persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

503d1d7af2c9ffa6d7d12e67e6be98c5b004cdd0192784a2eb26c667111e43e9.exe

Resource

win7-20220414-en

bootkit discovery persistence upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

503d1d7af2c9ffa6d7d12e67e6be98c5b004cdd0192784a2eb26c667111e43e9.exe

Resource

win10v2004-20220414-en

bootkit discovery persistence upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  503d1d7af2c9ffa6d7d12e67e6be98c5b004cdd0192784a2eb26c667111e43e9
- Size
  
  6.4MB
- MD5
  
  9703cd46017b9e58d149b310a9769bf4
- SHA1
  
  111899150647f348b710d3afba7b401a26a32005
- SHA256
  
  503d1d7af2c9ffa6d7d12e67e6be98c5b004cdd0192784a2eb26c667111e43e9
- SHA512
  
  b3c70f08bce0b7cce6c198d630cd8a13ffc256c9e12456e9306594da7a4805ccc456a1d859c9daaea7de0f63fe35d297cb5d326e482af483cbcf4de8e67352f1
Score

9^/10

bootkit discovery persistence upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistenceupx

behavioral2

bootkitdiscoverypersistenceupx

© 2018-2024

Terms | Privacy