48a73b3a40e13d6f6d611522c618043ef14d870be5fb4b87e9c789cba9ca2de0 | Triage

Submit
Reports

Overview

overview

9

Static

static

1

48a73b3a40...e0.exe

windows7-x64

9

48a73b3a40...e0.exe

windows10-2004-x64

9

Sharing

General

Target

48a73b3a40e13d6f6d611522c618043ef14d870be5fb4b87e9c789cba9ca2de0
Size

2.3MB
Sample

221125-kd3fcadg32
MD5

8640faa50991a260de7cf73ea56b5461
SHA1

d2a2f5b1a4c3643290e8ce378f3c497c9b6f94d4
SHA256

48a73b3a40e13d6f6d611522c618043ef14d870be5fb4b87e9c789cba9ca2de0
SHA512

0ab932f92e210b9171f8fa7cd18ac2ab94a552865bc0fdd72cdc1ebc52e85392730722f3563fd6bb9fc1635e63519d764b89ce600caafa29a5abb506611334cf
SSDEEP

49152:sc+3+iySeZ3sIbHhrQpfHm0RJHqulcsRycArKFU:sca+iTeDQfHm0RJHq9hcArd

Score

9^/10

discovery exploit persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

48a73b3a40e13d6f6d611522c618043ef14d870be5fb4b87e9c789cba9ca2de0.exe

Resource

win7-20220812-en

discovery exploit persistence upx

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

48a73b3a40e13d6f6d611522c618043ef14d870be5fb4b87e9c789cba9ca2de0.exe

Resource

win10v2004-20220901-en

discovery exploit persistence upx

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  48a73b3a40e13d6f6d611522c618043ef14d870be5fb4b87e9c789cba9ca2de0
- Size
  
  2.3MB
- MD5
  
  8640faa50991a260de7cf73ea56b5461
- SHA1
  
  d2a2f5b1a4c3643290e8ce378f3c497c9b6f94d4
- SHA256
  
  48a73b3a40e13d6f6d611522c618043ef14d870be5fb4b87e9c789cba9ca2de0
- SHA512
  
  0ab932f92e210b9171f8fa7cd18ac2ab94a552865bc0fdd72cdc1ebc52e85392730722f3563fd6bb9fc1635e63519d764b89ce600caafa29a5abb506611334cf
- SSDEEP
  
  49152:sc+3+iySeZ3sIbHhrQpfHm0RJHqulcsRycArKFU:sca+iTeDQfHm0RJHq9hcArd
Score

9^/10

discovery exploit persistence upx
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Modifies RDP port number used by Windows
- Possible privilege escalation attempt
  exploit
- Sets DLL path for service in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Account Manipulation

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

File Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Remote Desktop Protocol

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryexploitpersistenceupx

behavioral2

discoveryexploitpersistenceupx

© 2018-2024

Terms | Privacy