e6854d0918e9c6a8fb47ebe2719b81998cec9acc54e9b5a4efcc4a0d96fde92b | Triage

Submit
Reports

Overview

overview

Static

static

8

e6854d0918...2b.exe

windows7-x64

e6854d0918...2b.exe

windows10-2004-x64

Sharing

General

Target

e6854d0918e9c6a8fb47ebe2719b81998cec9acc54e9b5a4efcc4a0d96fde92b
Size

758KB
Sample

221127-hhwr9abc91
MD5

524fdd641cbc6e74ffcd3edb8220087e
SHA1

018ac1d6c3426f0b46f27bf7b405df48158eca43
SHA256

e6854d0918e9c6a8fb47ebe2719b81998cec9acc54e9b5a4efcc4a0d96fde92b
SHA512

bb88ebff66cc0d5d993c77dd877ec6cd99ab5dd0d812c942356a2350d4959f6dfde0c7f151ad424f8de4306e1900e2732aed4fbeaa0ac74ad569e80c4c47e0be
SSDEEP

12288:gOdeZJys73dOvXDpNjNe8NeZJys73dOvXDpNjNe8NuxerQZb+md4w1Uw:neZJ8NI8NeZJ8NI80erQZb+md4wmw

Score

10^/10

evasion persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e6854d0918e9c6a8fb47ebe2719b81998cec9acc54e9b5a4efcc4a0d96fde92b.exe

Resource

win7-20221111-en

evasion persistence upx

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

e6854d0918e9c6a8fb47ebe2719b81998cec9acc54e9b5a4efcc4a0d96fde92b.exe

Resource

win10v2004-20221111-en

evasion persistence upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  e6854d0918e9c6a8fb47ebe2719b81998cec9acc54e9b5a4efcc4a0d96fde92b
- Size
  
  758KB
- MD5
  
  524fdd641cbc6e74ffcd3edb8220087e
- SHA1
  
  018ac1d6c3426f0b46f27bf7b405df48158eca43
- SHA256
  
  e6854d0918e9c6a8fb47ebe2719b81998cec9acc54e9b5a4efcc4a0d96fde92b
- SHA512
  
  bb88ebff66cc0d5d993c77dd877ec6cd99ab5dd0d812c942356a2350d4959f6dfde0c7f151ad424f8de4306e1900e2732aed4fbeaa0ac74ad569e80c4c47e0be
- SSDEEP
  
  12288:gOdeZJys73dOvXDpNjNe8NeZJys73dOvXDpNjNe8NuxerQZb+md4w1Uw:neZJ8NI8NeZJ8NI80erQZb+md4wmw
Score

10^/10

evasion persistence upx
- Modifies visibility of file extensions in Explorer
  evasion
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2024

Terms | Privacy