d6eb2aa7073347eb2e2945dde3060989d6c1236d2cb9004e4b890963f2ac3091 | Triage

Submit
Reports

Overview

overview

Static

static

8

d6eb2aa707...91.exe

windows7-x64

d6eb2aa707...91.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

d6eb2aa7073347eb2e2945dde3060989d6c1236d2cb9004e4b890963f2ac3091
Size

255KB
Sample

221029-cf43ysgbd3
MD5

56d4d2d9375e2130d5dd72f84f82c311
SHA1

cfc2258551d49bd5f239664532ec2cb8b1a8b95e
SHA256

d6eb2aa7073347eb2e2945dde3060989d6c1236d2cb9004e4b890963f2ac3091
SHA512

7c7d367042f48fc3a3b525cb4088f97276f566fe9f1367d7d6502382efb91ce6462e92d3a5b62b723f089a998a0d105a598b32742f8125c9230dfe28c9ba1a42
SSDEEP

3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJR:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIq

Score

10^/10

evasion persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d6eb2aa7073347eb2e2945dde3060989d6c1236d2cb9004e4b890963f2ac3091.exe

Resource

win7-20220812-en

evasion persistence trojan upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

d6eb2aa7073347eb2e2945dde3060989d6c1236d2cb9004e4b890963f2ac3091.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  d6eb2aa7073347eb2e2945dde3060989d6c1236d2cb9004e4b890963f2ac3091
- Size
  
  255KB
- MD5
  
  56d4d2d9375e2130d5dd72f84f82c311
- SHA1
  
  cfc2258551d49bd5f239664532ec2cb8b1a8b95e
- SHA256
  
  d6eb2aa7073347eb2e2945dde3060989d6c1236d2cb9004e4b890963f2ac3091
- SHA512
  
  7c7d367042f48fc3a3b525cb4088f97276f566fe9f1367d7d6502382efb91ce6462e92d3a5b62b723f089a998a0d105a598b32742f8125c9230dfe28c9ba1a42
- SSDEEP
  
  3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJR:1xlZam+akqx6YQJXcNlEHUIQeE3mmBIq
Score

10^/10

evasion persistence trojan upx
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Modifies WinLogon
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojanupx

behavioral2

© 2018-2025

Terms | Privacy