Overview

overview

10

Static

static

9f571e2ca8...14.exe

windows7-x64

1

9f571e2ca8...14.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    10s
  • max time network
    2s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-10-2022 13:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9f571e2ca8f5a9dc2c90551690625bae28a6e8f52dcbaae93e01efaa34828e14.exe

  • Size

    34KB

  • MD5

    b5f484312c0d6aa92f1c06f1694800b4

  • SHA1

    6997bce7000cf7bbc8cedcd758ba4ef6011123f5

  • SHA256

    9f571e2ca8f5a9dc2c90551690625bae28a6e8f52dcbaae93e01efaa34828e14

  • SHA512

    c4a4af5c45fc9bdbf057bc5525ab2d420a65a34c8f7218e80d7cc5bf6c503e19b08f3b99bbe094594b09e58c80b16aa930743b41b2ed5f72b94ade91052bafbf

  • SSDEEP

    768:kf1Y9RRw/dUT6vurGd/pkUOyGAv+rCBsPGTLKu:GY9jw/dUT62rGdiUOWWrC6P6Wu

Score
10/10
upatredownloader

Malware Config

Signatures

  • Upatre

    Upatre is a generic malware downloader.

    downloaderupatre
  • Executes dropped EXE 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9f571e2ca8f5a9dc2c90551690625bae28a6e8f52dcbaae93e01efaa34828e14.exe
    "C:\Users\Admin\AppData\Local\Temp\9f571e2ca8f5a9dc2c90551690625bae28a6e8f52dcbaae93e01efaa34828e14.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
      "C:\Users\Admin\AppData\Local\Temp\szgfw.exe"
      2⤵
      • Executes dropped EXE
      PID:3628

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
    Filesize

    34KB

    MD5

    3774fabdf2b708ad58e93951403e57a0

    SHA1

    a56efa3b0e95184aa72d6a1554ceae75ce5ddea8

    SHA256

    f01830158d12c678aeff0b3067398fbf7f1b2af723ebddc08084d63ed6bb2a4b

    SHA512

    9d85568c73c92693f1b4521467e6013bf9f0651fa8ff076b1af75f5f716ceade34113bd4b548d16ef8dd49439c0ae584e982e305697b63ac8918a78f14cbea96

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
    Filesize

    34KB

    MD5

    3774fabdf2b708ad58e93951403e57a0

    SHA1

    a56efa3b0e95184aa72d6a1554ceae75ce5ddea8

    SHA256

    f01830158d12c678aeff0b3067398fbf7f1b2af723ebddc08084d63ed6bb2a4b

    SHA512

    9d85568c73c92693f1b4521467e6013bf9f0651fa8ff076b1af75f5f716ceade34113bd4b548d16ef8dd49439c0ae584e982e305697b63ac8918a78f14cbea96

    Download Submit