cabbc8506ce5342b40aac8b08e5ca0f5b97c792b2e4af6ed2e6aae6c9c93ef24 | Triage

Submit
Reports

Overview

overview

8

Static

static

8

cabbc8506c...24.exe

windows7-x64

8

cabbc8506c...24.exe

windows10-2004-x64

8

Sharing

General

Target

cabbc8506ce5342b40aac8b08e5ca0f5b97c792b2e4af6ed2e6aae6c9c93ef24
Size

32KB
Sample

221124-qzpn9sgd47
MD5

461caa595d898e273656853c337d81c4
SHA1

3ad2dfade3fce9aaac15be62f8915e97e7d9b5bb
SHA256

cabbc8506ce5342b40aac8b08e5ca0f5b97c792b2e4af6ed2e6aae6c9c93ef24
SHA512

12d44b86edd8bae7d57a395a781ddc7987a80a1b382d7954907282dba1acdb9dd47333aa84786d970effbf4b755c7ec8a51f9e64d30de8934c60453dba47c8a7
SSDEEP

768:cmR1BFbVRYbxdzbQuihXmixjBgdI5xPAe:VFOzbQuiIQju2rAe

Score

8^/10

persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cabbc8506ce5342b40aac8b08e5ca0f5b97c792b2e4af6ed2e6aae6c9c93ef24.exe

Resource

win7-20220812-en

persistence upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

cabbc8506ce5342b40aac8b08e5ca0f5b97c792b2e4af6ed2e6aae6c9c93ef24.exe

Resource

win10v2004-20220812-en

persistence upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  cabbc8506ce5342b40aac8b08e5ca0f5b97c792b2e4af6ed2e6aae6c9c93ef24
- Size
  
  32KB
- MD5
  
  461caa595d898e273656853c337d81c4
- SHA1
  
  3ad2dfade3fce9aaac15be62f8915e97e7d9b5bb
- SHA256
  
  cabbc8506ce5342b40aac8b08e5ca0f5b97c792b2e4af6ed2e6aae6c9c93ef24
- SHA512
  
  12d44b86edd8bae7d57a395a781ddc7987a80a1b382d7954907282dba1acdb9dd47333aa84786d970effbf4b755c7ec8a51f9e64d30de8934c60453dba47c8a7
- SSDEEP
  
  768:cmR1BFbVRYbxdzbQuihXmixjBgdI5xPAe:VFOzbQuiIQju2rAe
Score

8^/10

persistence upx
- Adds policy Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy