dc637d75ac17a06ceb0e5ce8ec7d8bf914a23b8e46f0d0f5a1480307f36a8b85 | Triage

Submit
Reports

Overview

overview

Static

static

8

dc637d75ac...85.exe

windows7-x64

8

dc637d75ac...85.exe

windows10-2004-x64

Sharing

General

Target

dc637d75ac17a06ceb0e5ce8ec7d8bf914a23b8e46f0d0f5a1480307f36a8b85
Size

233KB
Sample

220725-ej3emsdhgq
MD5

064c205aceec74832921f2db4eb657ed
SHA1

fec7b2603aa0719ef7cf4432578f1722579c254c
SHA256

dc637d75ac17a06ceb0e5ce8ec7d8bf914a23b8e46f0d0f5a1480307f36a8b85
SHA512

4a38a929539eef7119965cbda537f17f56c05c2e98bc6ad4e24be869e3811551447988d751643eda6cebc88622b9b5b9178c5f940fa55e85a08b9843b8fafe1f

Score

10^/10

discovery evasion persistence suricata upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

dc637d75ac17a06ceb0e5ce8ec7d8bf914a23b8e46f0d0f5a1480307f36a8b85.exe

Resource

win7-20220715-en

persistence upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

dc637d75ac17a06ceb0e5ce8ec7d8bf914a23b8e46f0d0f5a1480307f36a8b85.exe

Resource

win10v2004-20220721-en

discovery evasion persistence suricata upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  dc637d75ac17a06ceb0e5ce8ec7d8bf914a23b8e46f0d0f5a1480307f36a8b85
- Size
  
  233KB
- MD5
  
  064c205aceec74832921f2db4eb657ed
- SHA1
  
  fec7b2603aa0719ef7cf4432578f1722579c254c
- SHA256
  
  dc637d75ac17a06ceb0e5ce8ec7d8bf914a23b8e46f0d0f5a1480307f36a8b85
- SHA512
  
  4a38a929539eef7119965cbda537f17f56c05c2e98bc6ad4e24be869e3811551447988d751643eda6cebc88622b9b5b9178c5f940fa55e85a08b9843b8fafe1f
Score

10^/10

persistence upx discovery evasion suricata
- Modifies firewall policy service
  evasion
- suricata: ET MALWARE Known Hostile Domain ant.trenz .pl Lookup
  suricata: ET MALWARE Known Hostile Domain ant.trenz .pl Lookup
  suricata
- suricata: ET MALWARE Known Hostile Domain ilo.brenz .pl Lookup
  suricata: ET MALWARE Known Hostile Domain ilo.brenz .pl Lookup
  suricata
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Creates a Windows Service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Network Service Scanning

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

discoveryevasionpersistencesuricataupx

© 2018-2024

Terms | Privacy