368d5f82c98b1c39f7b7d31825c1fd00a74eef759ab76e6eced060c7aa70967f | Triage

Submit
Reports

Overview

overview

Static

static

8

368d5f82c9...7f.exe

windows7-x64

368d5f82c9...7f.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

368d5f82c98b1c39f7b7d31825c1fd00a74eef759ab76e6eced060c7aa70967f
Size

60KB
Sample

221030-1cx28scecm
MD5

907f966f85a7a987ec594cfe24fa3b15
SHA1

eecf362edc4bd986d98cc5f1bae0c877d732f903
SHA256

368d5f82c98b1c39f7b7d31825c1fd00a74eef759ab76e6eced060c7aa70967f
SHA512

6168655318fc9ec664db00fe3efaa8bb41af8f8092c358ce414c31bf415ccf8e31897956ad6ce617edb22747f060e95ffcef9c2b3321fe5a363f8c5be3417a10
SSDEEP

1536:4yZ1sdxlFnqMuxsvV9gJYHLl7/1RNhS89mna:p1+xqzqbgJQLl9RNhSG

Score

10^/10

evasion persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

368d5f82c98b1c39f7b7d31825c1fd00a74eef759ab76e6eced060c7aa70967f.exe

Resource

win7-20220901-en

evasion persistence upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

368d5f82c98b1c39f7b7d31825c1fd00a74eef759ab76e6eced060c7aa70967f.exe

Resource

win10v2004-20220901-en

evasion persistence upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  368d5f82c98b1c39f7b7d31825c1fd00a74eef759ab76e6eced060c7aa70967f
- Size
  
  60KB
- MD5
  
  907f966f85a7a987ec594cfe24fa3b15
- SHA1
  
  eecf362edc4bd986d98cc5f1bae0c877d732f903
- SHA256
  
  368d5f82c98b1c39f7b7d31825c1fd00a74eef759ab76e6eced060c7aa70967f
- SHA512
  
  6168655318fc9ec664db00fe3efaa8bb41af8f8092c358ce414c31bf415ccf8e31897956ad6ce617edb22747f060e95ffcef9c2b3321fe5a363f8c5be3417a10
- SSDEEP
  
  1536:4yZ1sdxlFnqMuxsvV9gJYHLl7/1RNhS89mna:p1+xqzqbgJQLl9RNhSG
Score

10^/10

evasion persistence upx
- Modifies firewall policy service
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2025

Terms | Privacy