226a5f5a855b7212c6a0c3724cf6e2a809bbf875048b77695f49771d54db42e0 | Triage

Submit
Reports

Overview

overview

Static

static

8

226a5f5a85...e0.exe

windows7-x64

226a5f5a85...e0.exe

windows10-2004-x64

8

Sharing

General

Target

226a5f5a855b7212c6a0c3724cf6e2a809bbf875048b77695f49771d54db42e0
Size

328KB
Sample

221003-p5ldcsgcfl
MD5

43ca9513dcd1ac5ed7956af299de64a0
SHA1

af57c6b3280ccabc7ac1c330a42c2fb357f27283
SHA256

226a5f5a855b7212c6a0c3724cf6e2a809bbf875048b77695f49771d54db42e0
SHA512

c72b08e13a81f39494a044e8b5b1c022ea62eb87ecccb0358fd2152104ba27cb8956d0f99b04dbe27ca970753837f47937232a5da09d3069d7f5b51c646f4541
SSDEEP

6144:gYZTNk3D6LyUXwLLk+cR3qh0GQ43VJRD0ew+/UO85DajV3fH:gSNC80I+cR3R03VseuO8523f

Score

10^/10

evasion persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

226a5f5a855b7212c6a0c3724cf6e2a809bbf875048b77695f49771d54db42e0.exe

Resource

win7-20220812-en

evasion persistence upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

226a5f5a855b7212c6a0c3724cf6e2a809bbf875048b77695f49771d54db42e0.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  226a5f5a855b7212c6a0c3724cf6e2a809bbf875048b77695f49771d54db42e0
- Size
  
  328KB
- MD5
  
  43ca9513dcd1ac5ed7956af299de64a0
- SHA1
  
  af57c6b3280ccabc7ac1c330a42c2fb357f27283
- SHA256
  
  226a5f5a855b7212c6a0c3724cf6e2a809bbf875048b77695f49771d54db42e0
- SHA512
  
  c72b08e13a81f39494a044e8b5b1c022ea62eb87ecccb0358fd2152104ba27cb8956d0f99b04dbe27ca970753837f47937232a5da09d3069d7f5b51c646f4541
- SSDEEP
  
  6144:gYZTNk3D6LyUXwLLk+cR3qh0GQ43VJRD0ew+/UO85DajV3fH:gSNC80I+cR3R03VseuO8523f
Score

10^/10

evasion persistence upx
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

© 2018-2025

Terms | Privacy