7c59680ded3353d5fe31fbb8791e53503dc127a0fb2d0bbe49ac21f91e08fd97 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

7c59680ded...97.exe

windows7-x64

9

7c59680ded...97.exe

windows10-2004-x64

9

Sharing

General

Target

7c59680ded3353d5fe31fbb8791e53503dc127a0fb2d0bbe49ac21f91e08fd97
Size

529KB
Sample

221003-cdzepadabj
MD5

71d0dbac0ac6b2d8742aad66901c4980
SHA1

b32db83b7b63b9859a009491c2da68339e9f16f2
SHA256

7c59680ded3353d5fe31fbb8791e53503dc127a0fb2d0bbe49ac21f91e08fd97
SHA512

499fa0319ded479c21a78aaa031d0f2a8933ae716193fbb14e19213e991af15aeb087f836792b7eef877e594d83c8b3406046dac16b687f1e319e15906017e60
SSDEEP

12288:w7F+0hl+8BaEOtZ5W1UKzAfYOF5VUkjEfc8vy4hyU3D:IF+0e8TWecZjjp86az

Score

9^/10

bootkit discovery evasion persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7c59680ded3353d5fe31fbb8791e53503dc127a0fb2d0bbe49ac21f91e08fd97.exe

Resource

win7-20220812-en

bootkit discovery persistence upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

7c59680ded3353d5fe31fbb8791e53503dc127a0fb2d0bbe49ac21f91e08fd97.exe

Resource

win10v2004-20220901-en

bootkit discovery evasion persistence upx

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  7c59680ded3353d5fe31fbb8791e53503dc127a0fb2d0bbe49ac21f91e08fd97
- Size
  
  529KB
- MD5
  
  71d0dbac0ac6b2d8742aad66901c4980
- SHA1
  
  b32db83b7b63b9859a009491c2da68339e9f16f2
- SHA256
  
  7c59680ded3353d5fe31fbb8791e53503dc127a0fb2d0bbe49ac21f91e08fd97
- SHA512
  
  499fa0319ded479c21a78aaa031d0f2a8933ae716193fbb14e19213e991af15aeb087f836792b7eef877e594d83c8b3406046dac16b687f1e319e15906017e60
- SSDEEP
  
  12288:w7F+0hl+8BaEOtZ5W1UKzAfYOF5VUkjEfc8vy4hyU3D:IF+0e8TWecZjjp86az
Score

9^/10

bootkit discovery persistence upx evasion
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitdiscoverypersistenceupx

behavioral2

bootkitdiscoveryevasionpersistenceupx

© 2018-2024

Terms | Privacy