ee15d63fb091e6eb0022bacfe9dde198381252ca0aa1bcdabc50aff7ee19f1ec | Triage

Submit
Reports

Overview

overview

Static

static

ee15d63fb0...ec.exe

windows7-x64

ee15d63fb0...ec.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

ee15d63fb091e6eb0022bacfe9dde198381252ca0aa1bcdabc50aff7ee19f1ec
Size

1.4MB
Sample

221129-n4lgasfg37
MD5

c630c1a06513fa4304adef4d719c3e66
SHA1

70d5cccb9378fe093fad20255fdc3d40b6b42e53
SHA256

ee15d63fb091e6eb0022bacfe9dde198381252ca0aa1bcdabc50aff7ee19f1ec
SHA512

2dde77ab8b833d3c65164b2c71d59fd4a99dba6c34bda7335eecbedfb77454c59c25008fde1c88594110aea5a39dd62610f8f83b3e64d4a24b3d80069247f366
SSDEEP

12288:K7bx5YC+ls35Tuc2rmbx0S084eMJBV7Mb11khF8+5lg:K79EWhMmEF8

Score

10^/10

evasion upx

Static task

static1

Behavioral task

behavioral1

Sample

ee15d63fb091e6eb0022bacfe9dde198381252ca0aa1bcdabc50aff7ee19f1ec.exe

Resource

win7-20220812-en

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

ee15d63fb091e6eb0022bacfe9dde198381252ca0aa1bcdabc50aff7ee19f1ec.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  ee15d63fb091e6eb0022bacfe9dde198381252ca0aa1bcdabc50aff7ee19f1ec
- Size
  
  1.4MB
- MD5
  
  c630c1a06513fa4304adef4d719c3e66
- SHA1
  
  70d5cccb9378fe093fad20255fdc3d40b6b42e53
- SHA256
  
  ee15d63fb091e6eb0022bacfe9dde198381252ca0aa1bcdabc50aff7ee19f1ec
- SHA512
  
  2dde77ab8b833d3c65164b2c71d59fd4a99dba6c34bda7335eecbedfb77454c59c25008fde1c88594110aea5a39dd62610f8f83b3e64d4a24b3d80069247f366
- SSDEEP
  
  12288:K7bx5YC+ls35Tuc2rmbx0S084eMJBV7Mb11khF8+5lg:K79EWhMmEF8
Score

10^/10

evasion upx
- Modifies firewall policy service
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Drops desktop.ini file(s)
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy