General

  • Target

    a16b4a834cce5f6078682dd5d51fd80505705368616bb6fedc69e5e7f20055e9

  • Size

    146KB

  • Sample

    221129-ex7lhshc3x

  • MD5

    4c780698442ecc24f55df7a587a38d68

  • SHA1

    9596b5886cbffb484d963d20c1de2a04a21490d3

  • SHA256

    a16b4a834cce5f6078682dd5d51fd80505705368616bb6fedc69e5e7f20055e9

  • SHA512

    7aabcf0a7a328d1fe1b5941b5bcffa5a314ce4e0de5801522eb16c384e5ffa8a1ae92e6fc8df9f8068b59f7595f32d643b39b96433deab5b7acf07971795776b

  • SSDEEP

    3072:rNsJHOLmAfVIYckg86upr8TW/qEqa4f9zr2prDw8taw:yHOvfVoN1uwWita4f9zqnwhw

Score
10/10

Malware Config

Targets

    • Modifies firewall policy service

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks
