bcb72ffc7af798ea42e0ef8dc9617b736433a5667f9e88f96cfea5b24b796b0b | Triage

Submit
Reports

Overview

overview

Static

static

bcb72ffc7a...0b.exe

windows7-x64

bcb72ffc7a...0b.exe

windows10-2004-x64

Sharing

General

Target

bcb72ffc7af798ea42e0ef8dc9617b736433a5667f9e88f96cfea5b24b796b0b
Size

500KB
Sample

221125-szlzgsbg3s
MD5

683ba16fc97a52c41c0c407a6b379fee
SHA1

797a88f51a8fc6b3f4fc1ee0a0fa1d8f691f088f
SHA256

bcb72ffc7af798ea42e0ef8dc9617b736433a5667f9e88f96cfea5b24b796b0b
SHA512

02686f40f85aac6efc1489d2e181a213dee2bbbb76a574f75c796e5a35b26f6b805bed3c91208c73327a0409866843f06cf6868359553273b779ad5974e2541d
SSDEEP

12288:XKBLWoD1fKBLWoD1anB9+LEh/TyiAgTwLTtkeVcEE9zSwZfTyQcj4Ihz6lvdKw3J:XKFD1fKFD1anB9+LEh/TyiAgTwLTtke8

Score

10^/10

evasion persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

bcb72ffc7af798ea42e0ef8dc9617b736433a5667f9e88f96cfea5b24b796b0b.exe

Resource

win7-20221111-en

evasion persistence upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

bcb72ffc7af798ea42e0ef8dc9617b736433a5667f9e88f96cfea5b24b796b0b.exe

Resource

win10v2004-20221111-en

evasion persistence upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  bcb72ffc7af798ea42e0ef8dc9617b736433a5667f9e88f96cfea5b24b796b0b
- Size
  
  500KB
- MD5
  
  683ba16fc97a52c41c0c407a6b379fee
- SHA1
  
  797a88f51a8fc6b3f4fc1ee0a0fa1d8f691f088f
- SHA256
  
  bcb72ffc7af798ea42e0ef8dc9617b736433a5667f9e88f96cfea5b24b796b0b
- SHA512
  
  02686f40f85aac6efc1489d2e181a213dee2bbbb76a574f75c796e5a35b26f6b805bed3c91208c73327a0409866843f06cf6868359553273b779ad5974e2541d
- SSDEEP
  
  12288:XKBLWoD1fKBLWoD1anB9+LEh/TyiAgTwLTtkeVcEE9zSwZfTyQcj4Ihz6lvdKw3J:XKFD1fKFD1anB9+LEh/TyiAgTwLTtke8
Score

10^/10

evasion persistence upx
- Modifies firewall policy service
  evasion
- Adds policy Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2024

Terms | Privacy