024e5a2bef86fcfab4c9ee4d540e0468a2281b889e632366a2a0ce788becd27e | Triage

Submit
Reports

Overview

overview

9

Static

static

s11111etup-hall.exe

windows7-x64

9

s11111etup-hall.exe

windows10-2004-x64

9

Sharing

General

Target

024e5a2bef86fcfab4c9ee4d540e0468a2281b889e632366a2a0ce788becd27e
Size

26.0MB
Sample

221126-lrkywsbf61
MD5

1f252dde759d798e6012fc7495e21118
SHA1

ba8fcb3b5f1645775ace4cc9fdebfd22f8e57ccc
SHA256

024e5a2bef86fcfab4c9ee4d540e0468a2281b889e632366a2a0ce788becd27e
SHA512

71bdcf233ed403b539cb3b65f28dec9237f8f77ed5395aea651d07b2af89f48440c30824b699322d53e7ddca3efcaaaf1488787807f0eabb5c607a0defa999de
SSDEEP

393216:T5oeevFjjV3IxQILWalbLSGcuO7ilnrgv0TQT0ntb70cgrgnZP2oFCJKhxbQ:VoTdFalb+G3Omlnu0ntjbZP2oFAv

Score

9^/10

discovery exploit upx

Static task

static1

Behavioral task

behavioral1

Sample

s11111etup-hall.exe

Resource

win7-20221111-en

discovery exploit upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

s11111etup-hall.exe

Resource

win10v2004-20221111-en

discovery exploit upx

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  s11111etup-hall.exe
- Size
  
  26.0MB
- MD5
  
  5d67bb43360716d0c964ce9e7946300e
- SHA1
  
  1b00bb81f660f738a9d0c1bdb0caa4e770888999
- SHA256
  
  930cd80a6be9bc4be07c14e47f0f3b1cd7718e9cc6f609ef4d527d083fac423a
- SHA512
  
  9bd129d2120a1302e874d58c1fd965edb84fa809747bd9fe570934d474308fbfd4654472cf6109b13230ed1a990d154336af347c781429081a11616a2503a290
- SSDEEP
  
  393216:G5oeevFjjV3IxQILWalbLSGcuO7ilnrgv0TQT0ntb70cgrgnZP2oFCJKhxbz:QoTdFalb+G3Omlnu0ntjbZP2oFAG
Score

9^/10

discovery exploit upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Drops file in Drivers directory
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
  discovery
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Program crash
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryexploitupx

behavioral2

discoveryexploitupx

© 2018-2024

Terms | Privacy