a4f1b36be9e5e60157fd65a5db5f6bf4965fce3817116b9604ecbd9c640e81bf | Triage

Submit
Reports

Overview

overview

Static

static

8

a4f1b36be9...bf.exe

windows7-x64

a4f1b36be9...bf.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

a4f1b36be9e5e60157fd65a5db5f6bf4965fce3817116b9604ecbd9c640e81bf
Size

565KB
Sample

221127-w7y6kahh47
MD5

20c692eeae5bcdfa788f9ced608cd4f1
SHA1

d416b3e69d671b418299070363f0ce392fc19a99
SHA256

a4f1b36be9e5e60157fd65a5db5f6bf4965fce3817116b9604ecbd9c640e81bf
SHA512

157509a340492b74ea4ad4ee8e5b6e75459b24e00881d9067f201f52121400beaa6dbce8501cb46ea94889c8af8abfc75ed1d7a53600c777d7d0b0c78d9d1972
SSDEEP

6144:5uHOJrG1VVE+I5E2EorG1VVE+I2GFrQZb++tdsHP4+QfI6Uw:gO9uVkuxerQZb+md4w1Uw

Score

10^/10

evasion persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a4f1b36be9e5e60157fd65a5db5f6bf4965fce3817116b9604ecbd9c640e81bf.exe

Resource

win7-20220812-en

evasion persistence upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

a4f1b36be9e5e60157fd65a5db5f6bf4965fce3817116b9604ecbd9c640e81bf.exe

Resource

win10v2004-20220812-en

evasion persistence upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  a4f1b36be9e5e60157fd65a5db5f6bf4965fce3817116b9604ecbd9c640e81bf
- Size
  
  565KB
- MD5
  
  20c692eeae5bcdfa788f9ced608cd4f1
- SHA1
  
  d416b3e69d671b418299070363f0ce392fc19a99
- SHA256
  
  a4f1b36be9e5e60157fd65a5db5f6bf4965fce3817116b9604ecbd9c640e81bf
- SHA512
  
  157509a340492b74ea4ad4ee8e5b6e75459b24e00881d9067f201f52121400beaa6dbce8501cb46ea94889c8af8abfc75ed1d7a53600c777d7d0b0c78d9d1972
- SSDEEP
  
  6144:5uHOJrG1VVE+I5E2EorG1VVE+I2GFrQZb++tdsHP4+QfI6Uw:gO9uVkuxerQZb+md4w1Uw
Score

10^/10

evasion persistence upx
- Modifies visibility of file extensions in Explorer
  evasion
- Blocks application from running via registry modification
  Adds application to list of disallowed applications.
  evasion
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2025

Terms | Privacy