d57980cf661ee669e71eb50a0f06019e8f519d212fc71907f37bbe1d9b4eddfd | Triage

Submit
Reports

Overview

overview

Static

static

8

d57980cf66...fd.exe

windows7-x64

d57980cf66...fd.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

d57980cf661ee669e71eb50a0f06019e8f519d212fc71907f37bbe1d9b4eddfd
Size

638KB
Sample

221107-ketjtsadgj
MD5

0e2c559240034863fb3febbcf6d76312
SHA1

45da16198a050f0435088c08850f7adef195b8b0
SHA256

d57980cf661ee669e71eb50a0f06019e8f519d212fc71907f37bbe1d9b4eddfd
SHA512

b0067f211788664d224d3664fa8c9061022cadfdc2b6990da1e292741b8387be47cdf63bc54993c3e4585f2992a844f340309e6d7b452fb8de8d152fbeb71b13
SSDEEP

6144:9vZ2iKiZ/QAKVfiROzkViZwc0W/1vNuMqTp/CelAaWjSZ/nWnKCXreO:d7wVfiRuqPW/dgMqIHdjSFWnKCX

Score

10^/10

evasion persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d57980cf661ee669e71eb50a0f06019e8f519d212fc71907f37bbe1d9b4eddfd.exe

Resource

win7-20220812-en

evasion persistence upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

d57980cf661ee669e71eb50a0f06019e8f519d212fc71907f37bbe1d9b4eddfd.exe

Resource

win10v2004-20220812-en

evasion persistence upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  d57980cf661ee669e71eb50a0f06019e8f519d212fc71907f37bbe1d9b4eddfd
- Size
  
  638KB
- MD5
  
  0e2c559240034863fb3febbcf6d76312
- SHA1
  
  45da16198a050f0435088c08850f7adef195b8b0
- SHA256
  
  d57980cf661ee669e71eb50a0f06019e8f519d212fc71907f37bbe1d9b4eddfd
- SHA512
  
  b0067f211788664d224d3664fa8c9061022cadfdc2b6990da1e292741b8387be47cdf63bc54993c3e4585f2992a844f340309e6d7b452fb8de8d152fbeb71b13
- SSDEEP
  
  6144:9vZ2iKiZ/QAKVfiROzkViZwc0W/1vNuMqTp/CelAaWjSZ/nWnKCXreO:d7wVfiRuqPW/dgMqIHdjSFWnKCX
Score

10^/10

evasion persistence upx
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2025

Terms | Privacy