a7e385cab51b91f2beba9cef83ad698adf54ee4ee0ee4131bc5bb648f0cf5be3 | Triage

Submit
Reports

Overview

overview

8

Static

static

8

a7e385cab5...e3.exe

windows7-x64

8

a7e385cab5...e3.exe

windows10-2004-x64

8

Sharing

General

Target

a7e385cab51b91f2beba9cef83ad698adf54ee4ee0ee4131bc5bb648f0cf5be3
Size

85KB
Sample

221129-t9f2naae9t
MD5

eb3f29ced2dbc130c73a8382c4df22a2
SHA1

6a9fe8c6c24f8cec5f0655871452144735469a74
SHA256

a7e385cab51b91f2beba9cef83ad698adf54ee4ee0ee4131bc5bb648f0cf5be3
SHA512

91452af8efe04651f6729150fdbd56c28819cbe063636406808b742a868d77894fd0a018a43abac039397ca163c2d6f8eb415990fa096746ccbf1ba7059f5114
SSDEEP

1536:1CRkOyEArPjZ9g652xtZGTTkwLoIXXmKg5Ez04lqJLseLJefYVt5b9BDZprk+YDq:1UPd47gYMGnnLoInmKoXF5LJeoLbPZpD

Score

8^/10

microsoft persistence phishing upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a7e385cab51b91f2beba9cef83ad698adf54ee4ee0ee4131bc5bb648f0cf5be3.exe

Resource

win7-20220812-en

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

a7e385cab51b91f2beba9cef83ad698adf54ee4ee0ee4131bc5bb648f0cf5be3.exe

Resource

win10v2004-20220901-en

microsoft persistence phishing upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  a7e385cab51b91f2beba9cef83ad698adf54ee4ee0ee4131bc5bb648f0cf5be3
- Size
  
  85KB
- MD5
  
  eb3f29ced2dbc130c73a8382c4df22a2
- SHA1
  
  6a9fe8c6c24f8cec5f0655871452144735469a74
- SHA256
  
  a7e385cab51b91f2beba9cef83ad698adf54ee4ee0ee4131bc5bb648f0cf5be3
- SHA512
  
  91452af8efe04651f6729150fdbd56c28819cbe063636406808b742a868d77894fd0a018a43abac039397ca163c2d6f8eb415990fa096746ccbf1ba7059f5114
- SSDEEP
  
  1536:1CRkOyEArPjZ9g652xtZGTTkwLoIXXmKg5Ez04lqJLseLJefYVt5b9BDZprk+YDq:1UPd47gYMGnnLoInmKoXF5LJeoLbPZpD
Score

8^/10

upx microsoft persistence phishing
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

microsoftpersistencephishingupx

© 2018-2024

Terms | Privacy