3adf2f233271b62f5d2986eca2586f873ae02dffe376ee9e710ba5fafa366d3e | Triage

Submit
Reports

Overview

overview

Static

static

8

3adf2f2332...3e.exe

windows7-x64

3adf2f2332...3e.exe

windows10-2004-x64

Sharing

General

Target

3adf2f233271b62f5d2986eca2586f873ae02dffe376ee9e710ba5fafa366d3e
Size

135KB
Sample

221123-tec2hsgh5y
MD5

15e9a069a20498412c490944960bda7f
SHA1

c766dea2e1ef3781d135a16ed78cc1674aaf3e50
SHA256

3adf2f233271b62f5d2986eca2586f873ae02dffe376ee9e710ba5fafa366d3e
SHA512

211d5d0f32a7d98cdc6df8783534dc09f2946d2e1e84647ef0a20c04eaed1d5cbe0bb227ac97aa249a26dd9f03e37a4e0e9079a51a9f88f660b413fa7cb3edc4
SSDEEP

1536:VXUq5TXHN9l0jZZ8zjQqBbI2SbyGTJnUpgGDBOfII:VXx5TZ/bxGTJnUpgGFOfII

Score

10^/10

evasion persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3adf2f233271b62f5d2986eca2586f873ae02dffe376ee9e710ba5fafa366d3e.exe

Resource

win7-20221111-en

evasion persistence upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

3adf2f233271b62f5d2986eca2586f873ae02dffe376ee9e710ba5fafa366d3e.exe

Resource

win10v2004-20220812-en

evasion persistence upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  3adf2f233271b62f5d2986eca2586f873ae02dffe376ee9e710ba5fafa366d3e
- Size
  
  135KB
- MD5
  
  15e9a069a20498412c490944960bda7f
- SHA1
  
  c766dea2e1ef3781d135a16ed78cc1674aaf3e50
- SHA256
  
  3adf2f233271b62f5d2986eca2586f873ae02dffe376ee9e710ba5fafa366d3e
- SHA512
  
  211d5d0f32a7d98cdc6df8783534dc09f2946d2e1e84647ef0a20c04eaed1d5cbe0bb227ac97aa249a26dd9f03e37a4e0e9079a51a9f88f660b413fa7cb3edc4
- SSDEEP
  
  1536:VXUq5TXHN9l0jZZ8zjQqBbI2SbyGTJnUpgGDBOfII:VXx5TZ/bxGTJnUpgGFOfII
Score

10^/10

evasion persistence upx
- Modifies WinLogon for persistence
  persistence
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2024

Terms | Privacy