5727b9e4ef983311c263bc77fd1a545f8860d25138d737ff4128f11f85ab793b | Triage

Submit
Reports

Overview

overview

Static

static

1

5727b9e4ef...3b.exe

windows7-x64

8

5727b9e4ef...3b.exe

windows10-2004-x64

Sharing

General

Target

5727b9e4ef983311c263bc77fd1a545f8860d25138d737ff4128f11f85ab793b
Size

6.4MB
Sample

220725-awfzysffan
MD5

8aeba47c52536a3cc2e5ff20954477ae
SHA1

6971ff714dd3185fc684853b8dffc83935ad027a
SHA256

5727b9e4ef983311c263bc77fd1a545f8860d25138d737ff4128f11f85ab793b
SHA512

e85b57065e39fb5e7d95f87ac4b2c4b38214fbc4f2b42001281090e19acbaa14277cd8cf937c02b1697840065768795d270624fbd99e4a49a7f0192119bd4cf4

Score

10^/10

discovery evasion suricata upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5727b9e4ef983311c263bc77fd1a545f8860d25138d737ff4128f11f85ab793b.exe

Resource

win7-20220718-en

discovery evasion upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

5727b9e4ef983311c263bc77fd1a545f8860d25138d737ff4128f11f85ab793b.exe

Resource

win10v2004-20220721-en

evasion suricata upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  5727b9e4ef983311c263bc77fd1a545f8860d25138d737ff4128f11f85ab793b
- Size
  
  6.4MB
- MD5
  
  8aeba47c52536a3cc2e5ff20954477ae
- SHA1
  
  6971ff714dd3185fc684853b8dffc83935ad027a
- SHA256
  
  5727b9e4ef983311c263bc77fd1a545f8860d25138d737ff4128f11f85ab793b
- SHA512
  
  e85b57065e39fb5e7d95f87ac4b2c4b38214fbc4f2b42001281090e19acbaa14277cd8cf937c02b1697840065768795d270624fbd99e4a49a7f0192119bd4cf4
Score

10^/10

discovery evasion upx suricata
- suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016 (WinHTTPRequest)
  suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016 (WinHTTPRequest)
  suricata
- Blocklisted process makes network request
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Security Software Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryevasionupx

behavioral2

evasionsuricataupx

© 2018-2024

Terms | Privacy