f44ac9eaa13510807b0c6a908095f82ebae17be780f2d64b4fafa9f00865977d | Triage

Submit
Reports

Overview

overview

Static

static

8

f44ac9eaa1...7d.exe

windows7-x64

f44ac9eaa1...7d.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

f44ac9eaa13510807b0c6a908095f82ebae17be780f2d64b4fafa9f00865977d
Size

347KB
Sample

221011-c8jmqabdh9
MD5

7c365ce19792593219acd828c414b23d
SHA1

70c40c90ddbdc0e18148a39b0feb48a08132ecf3
SHA256

f44ac9eaa13510807b0c6a908095f82ebae17be780f2d64b4fafa9f00865977d
SHA512

d2f3302b669c576371c990e0d8945024a5560369e178126e92f18ca2bbc7f014de564a8c09fe5754f942cae7d97a1a5c29b630419c0b89c8a8e3d608860e4d85
SSDEEP

6144:xIG+vg3HSSOCkhwXLg9W/J6Mt8VifcfK5l56Vf37of73Qn22PoTs91gz/r+YNl:Sbvg3kCe6foMt8ibbqf30TguTy1+y

Score

10^/10

persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f44ac9eaa13510807b0c6a908095f82ebae17be780f2d64b4fafa9f00865977d.exe

Resource

win7-20220812-en

persistence upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

f44ac9eaa13510807b0c6a908095f82ebae17be780f2d64b4fafa9f00865977d.exe

Resource

win10v2004-20220812-en

persistence upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  f44ac9eaa13510807b0c6a908095f82ebae17be780f2d64b4fafa9f00865977d
- Size
  
  347KB
- MD5
  
  7c365ce19792593219acd828c414b23d
- SHA1
  
  70c40c90ddbdc0e18148a39b0feb48a08132ecf3
- SHA256
  
  f44ac9eaa13510807b0c6a908095f82ebae17be780f2d64b4fafa9f00865977d
- SHA512
  
  d2f3302b669c576371c990e0d8945024a5560369e178126e92f18ca2bbc7f014de564a8c09fe5754f942cae7d97a1a5c29b630419c0b89c8a8e3d608860e4d85
- SSDEEP
  
  6144:xIG+vg3HSSOCkhwXLg9W/J6Mt8VifcfK5l56Vf37of73Qn22PoTs91gz/r+YNl:Sbvg3kCe6foMt8ibbqf30TguTy1+y
Score

10^/10

persistence upx
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy