008f6475441482398709a7b90e2858dff313aff6cf2bf2dd8029abb660904975 | Triage

Submit
Reports

Overview

overview

9

Static

static

8

008f647544...75.exe

windows7-x64

9

008f647544...75.exe

windows10-2004-x64

9

Sharing

General

Target

008f6475441482398709a7b90e2858dff313aff6cf2bf2dd8029abb660904975
Size

533KB
Sample

221010-3x354aefg9
MD5

7bf61ffb8689283b47945e1b97d79e7c
SHA1

77a92cd4b4fb008dcc4c047e0e4187510db71063
SHA256

008f6475441482398709a7b90e2858dff313aff6cf2bf2dd8029abb660904975
SHA512

562764d8c5f40019cc6cb59ace05df1fc17d48dc8579e6c54f368e86ca56b2675328963f2c81676982f73f51ce373e09150a91b9123e656e04902844c9888c6b
SSDEEP

12288:FljpVO8YksvQJ2T5u6li5qBEbKWwQIIazn5g/bkkb5gw9KizUc:lkksvQ8T06AUBWZwQb4O/bgizUc

Score

9^/10

discovery exploit persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

008f6475441482398709a7b90e2858dff313aff6cf2bf2dd8029abb660904975.exe

Resource

win7-20220812-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

008f6475441482398709a7b90e2858dff313aff6cf2bf2dd8029abb660904975.exe

Resource

win10v2004-20220812-en

discovery exploit persistence upx

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  008f6475441482398709a7b90e2858dff313aff6cf2bf2dd8029abb660904975
- Size
  
  533KB
- MD5
  
  7bf61ffb8689283b47945e1b97d79e7c
- SHA1
  
  77a92cd4b4fb008dcc4c047e0e4187510db71063
- SHA256
  
  008f6475441482398709a7b90e2858dff313aff6cf2bf2dd8029abb660904975
- SHA512
  
  562764d8c5f40019cc6cb59ace05df1fc17d48dc8579e6c54f368e86ca56b2675328963f2c81676982f73f51ce373e09150a91b9123e656e04902844c9888c6b
- SSDEEP
  
  12288:FljpVO8YksvQJ2T5u6li5qBEbKWwQIIazn5g/bkkb5gw9KizUc:lkksvQ8T06AUBWZwQb4O/bgizUc
Score

9^/10

upx discovery exploit persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Drops file in Drivers directory
- Possible privilege escalation attempt
  exploit
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

discoveryexploitpersistenceupx

© 2018-2024

Terms | Privacy