79dfe8fa14302d5594414aff2c5cbf625dc4448130a918e17e703a170c35a532 | Triage

Submit
Reports

Overview

overview

Static

static

8

79dfe8fa14...32.exe

windows7-x64

79dfe8fa14...32.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

79dfe8fa14302d5594414aff2c5cbf625dc4448130a918e17e703a170c35a532
Size

448KB
Sample

221029-mlgjyscdc2
MD5

93965d943bcba08fb32d173d33e4b436
SHA1

374846bbaf30d96e5e0a77429d0c1bcc03d1808a
SHA256

79dfe8fa14302d5594414aff2c5cbf625dc4448130a918e17e703a170c35a532
SHA512

c0b41e8eb2e319a0a29f41ae632a3fddcbfedaaa71cb1b1c7d45a072209b113f87c7a17a8cf5f51008139e73f421e2dbd4b039c1e68850b0f234c99a02123c37
SSDEEP

6144:5uHOyrG1VVE+I5E2EZ/UOPSe570Szp3irG1VVE+Iznmy+g4g/UOPSe570Szp3y:gOWuVyOB0Ju0UOB0H

Score

10^/10

evasion persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

79dfe8fa14302d5594414aff2c5cbf625dc4448130a918e17e703a170c35a532.exe

Resource

win7-20220901-en

evasion persistence upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

79dfe8fa14302d5594414aff2c5cbf625dc4448130a918e17e703a170c35a532.exe

Resource

win10v2004-20220812-en

evasion persistence upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  79dfe8fa14302d5594414aff2c5cbf625dc4448130a918e17e703a170c35a532
- Size
  
  448KB
- MD5
  
  93965d943bcba08fb32d173d33e4b436
- SHA1
  
  374846bbaf30d96e5e0a77429d0c1bcc03d1808a
- SHA256
  
  79dfe8fa14302d5594414aff2c5cbf625dc4448130a918e17e703a170c35a532
- SHA512
  
  c0b41e8eb2e319a0a29f41ae632a3fddcbfedaaa71cb1b1c7d45a072209b113f87c7a17a8cf5f51008139e73f421e2dbd4b039c1e68850b0f234c99a02123c37
- SSDEEP
  
  6144:5uHOyrG1VVE+I5E2EZ/UOPSe570Szp3irG1VVE+Iznmy+g4g/UOPSe570Szp3y:gOWuVyOB0Ju0UOB0H
Score

10^/10

evasion persistence upx
- Modifies visibility of file extensions in Explorer
  evasion
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2025

Terms | Privacy