ef745b3e0b695e3f29eb20e3d1a8524afabdd8eb59457239af76021556c39ca1 | Triage

Submit
Reports

Overview

overview

Static

static

8

ef745b3e0b...a1.exe

windows7-x64

ef745b3e0b...a1.exe

windows10-2004-x64

Sharing

General

Target

ef745b3e0b695e3f29eb20e3d1a8524afabdd8eb59457239af76021556c39ca1
Size

590KB
Sample

221125-x8mplaac52
MD5

88308074e4db96772825ed3e257c0adb
SHA1

a356c2e2ecfaade0c62b361d89eb058784f78c4d
SHA256

ef745b3e0b695e3f29eb20e3d1a8524afabdd8eb59457239af76021556c39ca1
SHA512

dfb45a5204250e0c35ff3775db6f2610d6b182d97258b6253fabe6c614141f2ed75168e61cbd8250f60398e9f894c8d3e713e14f1e2b529bc9d1a87ce8f63717
SSDEEP

12288:J6Wq4aaE6KwyF5L0Y2D1PqLc0WLakcXhjtI2RTDXoLsa0P6p:fthEVaPqLCLvcXh5I2RTMCQ

Score

10^/10

evasion persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ef745b3e0b695e3f29eb20e3d1a8524afabdd8eb59457239af76021556c39ca1.exe

Resource

win7-20220812-en

evasion persistence upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

ef745b3e0b695e3f29eb20e3d1a8524afabdd8eb59457239af76021556c39ca1.exe

Resource

win10v2004-20220812-en

evasion persistence upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  ef745b3e0b695e3f29eb20e3d1a8524afabdd8eb59457239af76021556c39ca1
- Size
  
  590KB
- MD5
  
  88308074e4db96772825ed3e257c0adb
- SHA1
  
  a356c2e2ecfaade0c62b361d89eb058784f78c4d
- SHA256
  
  ef745b3e0b695e3f29eb20e3d1a8524afabdd8eb59457239af76021556c39ca1
- SHA512
  
  dfb45a5204250e0c35ff3775db6f2610d6b182d97258b6253fabe6c614141f2ed75168e61cbd8250f60398e9f894c8d3e713e14f1e2b529bc9d1a87ce8f63717
- SSDEEP
  
  12288:J6Wq4aaE6KwyF5L0Y2D1PqLc0WLakcXhjtI2RTDXoLsa0P6p:fthEVaPqLCLvcXh5I2RTMCQ
Score

10^/10

evasion persistence upx
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops startup file
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2024

Terms | Privacy