Overview

overview

10

Static

static

a52221256c...55.exe

windows7-x64

1

a52221256c...55.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    8s
  • max time network
    11s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-10-2022 15:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a52221256cbad99355bdc1d4f39e75b39e8ac1aeee690b16dfedd9246c30d855.exe

  • Size

    36KB

  • MD5

    b13503d3caf5584720a03e30cc78368d

  • SHA1

    1b2e9c74b05a8a1b511727d488017cf3045042c7

  • SHA256

    a52221256cbad99355bdc1d4f39e75b39e8ac1aeee690b16dfedd9246c30d855

  • SHA512

    e6a8516ab0f53c859902a87f0ac106bfa17117310a2b2381b8a8076d3ade9dae967e0cac3b9390223f1bceb7939dea1b4cda250d913d23c75b240612893a9ceb

  • SSDEEP

    768:kf1Y9RRw/dUT6vurGd/pkUOyGAv+rh95kyq0Quh:GY9jw/dUT62rGdiUOWWrNH

Score
10/10
upatredownloader

Malware Config

Signatures

  • Upatre

    Upatre is a generic malware downloader.

    downloaderupatre
  • Executes dropped EXE 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a52221256cbad99355bdc1d4f39e75b39e8ac1aeee690b16dfedd9246c30d855.exe
    "C:\Users\Admin\AppData\Local\Temp\a52221256cbad99355bdc1d4f39e75b39e8ac1aeee690b16dfedd9246c30d855.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3400
    • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
      "C:\Users\Admin\AppData\Local\Temp\szgfw.exe"
      2⤵
      • Executes dropped EXE
      PID:4392

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
    Filesize

    36KB

    MD5

    46cb801c0d006a81e7930a76ac2b28fe

    SHA1

    a25936fcb5bb1ecdee8e2e56d5d92031e302f4b5

    SHA256

    b39f7ade991faab0e06c5e55c49d22d75e15bfaffe1d8369c094147d2493d85b

    SHA512

    4893b879b228de9a1955147823f6e871db9de8cc80e8bc79e9eb57f383947d8f03956e98cee47f0a1ade1fe91d739399be3500bbdec59bbbc7222beeecfe6864

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
    Filesize

    36KB

    MD5

    46cb801c0d006a81e7930a76ac2b28fe

    SHA1

    a25936fcb5bb1ecdee8e2e56d5d92031e302f4b5

    SHA256

    b39f7ade991faab0e06c5e55c49d22d75e15bfaffe1d8369c094147d2493d85b

    SHA512

    4893b879b228de9a1955147823f6e871db9de8cc80e8bc79e9eb57f383947d8f03956e98cee47f0a1ade1fe91d739399be3500bbdec59bbbc7222beeecfe6864

    Download Submit