407f68d6d75b9eafbe009b65c597a987263afdba239a599e421926a41e753caa | Triage

Submit
Reports

Overview

overview

Static

static

407f68d6d7...aa.exe

windows7-x64

407f68d6d7...aa.exe

windows10-2004-x64

Sharing

General

Target

407f68d6d75b9eafbe009b65c597a987263afdba239a599e421926a41e753caa
Size

384KB
Sample

221020-2gaceahchl
MD5

41b40f8bb29310334434eb60b1c1bc1d
SHA1

37f0e6be39d1e780247f2401afa71ce7de468886
SHA256

407f68d6d75b9eafbe009b65c597a987263afdba239a599e421926a41e753caa
SHA512

4c835165766859084bc2439e16c4a08ba26728b79858fd0dd077e17f2b5809985e8101a944d98f851a081dcac1875de91f39038a2fa484a415f38b130aed147c
SSDEEP

6144:bJGK2pYLlY4c6ue7lfhTuJZrM4l8KONb6/SPcGHciKjyISzTOILNhWOmzTTKWiYy:FGK2pYLlY4c6ue7lfhTuJZrM4l8KONbq

Score

10^/10

evasion persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

407f68d6d75b9eafbe009b65c597a987263afdba239a599e421926a41e753caa.exe

Resource

win7-20220812-en

evasion persistence upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

407f68d6d75b9eafbe009b65c597a987263afdba239a599e421926a41e753caa.exe

Resource

win10v2004-20220812-en

evasion persistence upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  407f68d6d75b9eafbe009b65c597a987263afdba239a599e421926a41e753caa
- Size
  
  384KB
- MD5
  
  41b40f8bb29310334434eb60b1c1bc1d
- SHA1
  
  37f0e6be39d1e780247f2401afa71ce7de468886
- SHA256
  
  407f68d6d75b9eafbe009b65c597a987263afdba239a599e421926a41e753caa
- SHA512
  
  4c835165766859084bc2439e16c4a08ba26728b79858fd0dd077e17f2b5809985e8101a944d98f851a081dcac1875de91f39038a2fa484a415f38b130aed147c
- SSDEEP
  
  6144:bJGK2pYLlY4c6ue7lfhTuJZrM4l8KONb6/SPcGHciKjyISzTOILNhWOmzTTKWiYy:FGK2pYLlY4c6ue7lfhTuJZrM4l8KONbq
Score

10^/10

evasion persistence upx
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2024

Terms | Privacy