707a7d056e8f1f8f032965f38c8c1273d1b37520c994fb2e5e8a76c562725d20 | Triage

Submit
Reports

Overview

overview

Static

static

8

707a7d056e...20.exe

windows7-x64

707a7d056e...20.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

707a7d056e8f1f8f032965f38c8c1273d1b37520c994fb2e5e8a76c562725d20
Size

255KB
Sample

221124-lsyalshg7x
MD5

889e6c2c0b7b85cc66c35ea249aab0c8
SHA1

0efc86f02d18d384c68a039968f637a40f4092d3
SHA256

707a7d056e8f1f8f032965f38c8c1273d1b37520c994fb2e5e8a76c562725d20
SHA512

6ebb4cf8128aa3aa1cb5838f4331a4253a5cf358520fb57b75de61819717c207251e2f27bd0f39bae6839083a4ba39fac61c5e1fbb975a1111149ffbaec5f859
SSDEEP

3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJB:1xlZam+akqx6YQJXcNlEHUIQeE3mmBI6

Score

10^/10

evasion persistence trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

707a7d056e8f1f8f032965f38c8c1273d1b37520c994fb2e5e8a76c562725d20.exe

Resource

win7-20221111-en

evasion persistence trojan upx

windows7-x64

25 signatures

150 seconds

Behavioral task

behavioral2

Sample

707a7d056e8f1f8f032965f38c8c1273d1b37520c994fb2e5e8a76c562725d20.exe

Resource

win10v2004-20221111-en

evasion persistence trojan upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  707a7d056e8f1f8f032965f38c8c1273d1b37520c994fb2e5e8a76c562725d20
- Size
  
  255KB
- MD5
  
  889e6c2c0b7b85cc66c35ea249aab0c8
- SHA1
  
  0efc86f02d18d384c68a039968f637a40f4092d3
- SHA256
  
  707a7d056e8f1f8f032965f38c8c1273d1b37520c994fb2e5e8a76c562725d20
- SHA512
  
  6ebb4cf8128aa3aa1cb5838f4331a4253a5cf358520fb57b75de61819717c207251e2f27bd0f39bae6839083a4ba39fac61c5e1fbb975a1111149ffbaec5f859
- SSDEEP
  
  3072:MMDb50WrZa8jCgae5+VQkGdUQFDxePZ2SBaQJXkNRtXlNGKaUIQW/qlQBG3mmTJB:1xlZam+akqx6YQJXcNlEHUIQeE3mmBI6
Score

10^/10

evasion persistence trojan upx
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Windows security bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Modifies WinLogon
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojanupx

behavioral2

evasionpersistencetrojanupx

© 2018-2025

Terms | Privacy