85ed6e8440bbb186f0bc00e2712235c43b60b390dc232d05e99b2f3a6ef07ddd | Triage

Submit
Reports

Overview

overview

Static

static

85ed6e8440...dd.exe

windows7-x64

85ed6e8440...dd.exe

windows10-2004-x64

Sharing

General

Target

85ed6e8440bbb186f0bc00e2712235c43b60b390dc232d05e99b2f3a6ef07ddd
Size

1.0MB
Sample

221029-lsavbacaek
MD5

e7d26058645edc595df4afbf8ff640dd
SHA1

b5f2e4ad0f28cdc425e9e4998b87fe9686e5896c
SHA256

85ed6e8440bbb186f0bc00e2712235c43b60b390dc232d05e99b2f3a6ef07ddd
SHA512

fc39fce4485addf8fcaa2e1062f1286ba81aa11aec996163734568077e70d049d1febf48faec561f1671a6d84d883afc7681ca47c7f419b3fd086f98c6a4024a
SSDEEP

12288:31ka5IyJyL2qNj0Kh3+GbgjYDSYgjlMFhEwkC8WILTcls6iAMEpcqiBxV55WK0oe:Fm2qG4+GVSdYOws/TEpFiBnWo4i/m

Score

10^/10

evasion persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

85ed6e8440bbb186f0bc00e2712235c43b60b390dc232d05e99b2f3a6ef07ddd.exe

Resource

win7-20220901-en

evasion persistence upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

85ed6e8440bbb186f0bc00e2712235c43b60b390dc232d05e99b2f3a6ef07ddd.exe

Resource

win10v2004-20220812-en

evasion persistence upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  85ed6e8440bbb186f0bc00e2712235c43b60b390dc232d05e99b2f3a6ef07ddd
- Size
  
  1.0MB
- MD5
  
  e7d26058645edc595df4afbf8ff640dd
- SHA1
  
  b5f2e4ad0f28cdc425e9e4998b87fe9686e5896c
- SHA256
  
  85ed6e8440bbb186f0bc00e2712235c43b60b390dc232d05e99b2f3a6ef07ddd
- SHA512
  
  fc39fce4485addf8fcaa2e1062f1286ba81aa11aec996163734568077e70d049d1febf48faec561f1671a6d84d883afc7681ca47c7f419b3fd086f98c6a4024a
- SSDEEP
  
  12288:31ka5IyJyL2qNj0Kh3+GbgjYDSYgjlMFhEwkC8WILTcls6iAMEpcqiBxV55WK0oe:Fm2qG4+GVSdYOws/TEpFiBnWo4i/m
Score

10^/10

evasion persistence upx
- Modifies WinLogon for persistence
  persistence
- Modifies firewall policy service
  evasion
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2024

Terms | Privacy