fe3285ac8e4f9879c1c00f805d35ecc83bf3060011fd7d9c2e3bb37a124a1bb5 | Triage

Submit
Reports

Overview

overview

Static

static

8

fe3285ac8e...b5.exe

windows7-x64

fe3285ac8e...b5.exe

windows10-2004-x64

Sharing

General

Target

fe3285ac8e4f9879c1c00f805d35ecc83bf3060011fd7d9c2e3bb37a124a1bb5
Size

974KB
Sample

221126-236yhabh89
MD5

c979e6f0a876ab948aa757af41810131
SHA1

303ab1ff202dafe13bc04cf80854ded9f69566cf
SHA256

fe3285ac8e4f9879c1c00f805d35ecc83bf3060011fd7d9c2e3bb37a124a1bb5
SHA512

8db89f88c367911f6009ab702a459f8b7474201fb6e92050f475673c9e994413eb366b740be0f825c45e8ef87c8905c31102ed69a135a03ee577597d521f8e84
SSDEEP

12288:gOKLuVkuxerQZb+md4w1UWoGeLKerQZb+md4w1UM:w0JerQZb+md4wmWoj+erQZb+md4wmM

Score

10^/10

evasion persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fe3285ac8e4f9879c1c00f805d35ecc83bf3060011fd7d9c2e3bb37a124a1bb5.exe

Resource

win7-20220901-en

evasion persistence upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

fe3285ac8e4f9879c1c00f805d35ecc83bf3060011fd7d9c2e3bb37a124a1bb5.exe

Resource

win10v2004-20221111-en

evasion persistence upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  fe3285ac8e4f9879c1c00f805d35ecc83bf3060011fd7d9c2e3bb37a124a1bb5
- Size
  
  974KB
- MD5
  
  c979e6f0a876ab948aa757af41810131
- SHA1
  
  303ab1ff202dafe13bc04cf80854ded9f69566cf
- SHA256
  
  fe3285ac8e4f9879c1c00f805d35ecc83bf3060011fd7d9c2e3bb37a124a1bb5
- SHA512
  
  8db89f88c367911f6009ab702a459f8b7474201fb6e92050f475673c9e994413eb366b740be0f825c45e8ef87c8905c31102ed69a135a03ee577597d521f8e84
- SSDEEP
  
  12288:gOKLuVkuxerQZb+md4w1UWoGeLKerQZb+md4w1UM:w0JerQZb+md4wmWoj+erQZb+md4wmM
Score

10^/10

evasion persistence upx
- Modifies visibility of file extensions in Explorer
  evasion
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2024

Terms | Privacy