07d95c75c4f80d5385aaffad585e928e109c066646c2a2a181b77c2f8b58c5a2 | Triage

Submit
Reports

Overview

overview

Static

static

8

error.exe

windows7-x64

error.exe

windows10-2004-x64

Sharing

General

Target

07d95c75c4f80d5385aaffad585e928e109c066646c2a2a181b77c2f8b58c5a2
Size

150KB
Sample

221017-lasx6sbeen
MD5

9e11a813d4911fb1dfc381ba4378e7e8
SHA1

361d70df01fb4a77ca512496d3e8c358ae4d57d6
SHA256

07d95c75c4f80d5385aaffad585e928e109c066646c2a2a181b77c2f8b58c5a2
SHA512

30d606f331d6f279a98a9ec56bf9895483063909dafce021efc63577c4163ffe5249a121c804484d36009f9b8c1e5d9a7e8936c438139a416338b1a09d300b27
SSDEEP

3072:ZqGH7/nhyunnP+Zwvt1quq0QC0APTRzzNZLMzYrgvMRzQCyls2HnxSA:vtnnGZwvnqlK5znwzIJl0HnxSA

Score

10^/10

evasion persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

error.exe

Resource

win7-20220812-en

evasion persistence upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

error.exe

Resource

win10v2004-20220901-en

evasion persistence upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  error.exe
- Size
  
  467KB
- MD5
  
  d9c40f19c93f680e076d135893acf346
- SHA1
  
  9d1e7a14bd659b70a37c5f6e958fe29f6fff184c
- SHA256
  
  bd251629234b812305069bfd2e54546d8131c0efa7e6c49cbc3598436bcb6713
- SHA512
  
  900798dee7de121e4b431c879c2294a387db462ecf6bd91859374841c4994ffe66dbf8d079817fa55902ba2c50f78b66f5cf2b42c181b259af089de29c6874e2
- SSDEEP
  
  6144:yY+32WWluqvHpVmXWEjFJRWci+WUd20rUU5EYCTvaBju4z2Gj/0:hnWwvHpVmXpjJIUd2cUusvalxzBj/0
Score

10^/10

evasion persistence upx
- Modifies WinLogon for persistence
  persistence
- Modifies system executable filetype association
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Disables use of System Restore points
  evasion
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2024

Terms | Privacy