c4685f11a53a74df878aaa7076ea7e0a64c4a9489ed83961b323b4694860f3ee | Triage

Submit
Reports

Overview

overview

8

Static

static

c4685f11a5...ee.exe

windows7-x64

8

c4685f11a5...ee.exe

windows10-2004-x64

8

Sharing

General

Target

c4685f11a53a74df878aaa7076ea7e0a64c4a9489ed83961b323b4694860f3ee
Size

1.5MB
Sample

221021-v2ygeagdh8
MD5

54639aa125db4aebe41299332989f3a0
SHA1

068acdc404596d7941cf3ab35b90c1fff813913e
SHA256

c4685f11a53a74df878aaa7076ea7e0a64c4a9489ed83961b323b4694860f3ee
SHA512

c2aa4788b72bbe70728396b6f61aa16bba91c2364580097ff829b1372fc12d2b7ea40340b797ce6a6ae00bb34094b317d05ca874871b5b52de5a366e85df1345
SSDEEP

24576:xTOp7CMa34abMhtTEGM91uMUodM/a0MdptbGAD5WdtBGRxsCYr0aG8:5R93EtIGM91uP2M/JpAD5W4xsCSbl

Score

8^/10

discovery exploit upx

Static task

static1

Behavioral task

behavioral1

Sample

c4685f11a53a74df878aaa7076ea7e0a64c4a9489ed83961b323b4694860f3ee.exe

Resource

win7-20220812-en

discovery exploit upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

c4685f11a53a74df878aaa7076ea7e0a64c4a9489ed83961b323b4694860f3ee.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  c4685f11a53a74df878aaa7076ea7e0a64c4a9489ed83961b323b4694860f3ee
- Size
  
  1.5MB
- MD5
  
  54639aa125db4aebe41299332989f3a0
- SHA1
  
  068acdc404596d7941cf3ab35b90c1fff813913e
- SHA256
  
  c4685f11a53a74df878aaa7076ea7e0a64c4a9489ed83961b323b4694860f3ee
- SHA512
  
  c2aa4788b72bbe70728396b6f61aa16bba91c2364580097ff829b1372fc12d2b7ea40340b797ce6a6ae00bb34094b317d05ca874871b5b52de5a366e85df1345
- SSDEEP
  
  24576:xTOp7CMa34abMhtTEGM91uMUodM/a0MdptbGAD5WdtBGRxsCYr0aG8:5R93EtIGM91uP2M/JpAD5W4xsCSbl
Score

8^/10

discovery exploit upx
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryexploitupx

behavioral2

© 2018-2024

Terms | Privacy