905570fe738c8d94aebe4922f1ae1e3e6373a668d2b246fbd26a3e5fd7871971 | Triage

Submit
Reports

Overview

overview

Static

static

905570fe73...71.exe

windows7-x64

905570fe73...71.exe

windows10-2004-x64

Sharing

General

Target

905570fe738c8d94aebe4922f1ae1e3e6373a668d2b246fbd26a3e5fd7871971
Size

288KB
Sample

221201-br7gsabh99
MD5

4243ff07d89c9c2af4aa4d454979f369
SHA1

a10542960d987d1526820d186f8fe79f89eb7774
SHA256

905570fe738c8d94aebe4922f1ae1e3e6373a668d2b246fbd26a3e5fd7871971
SHA512

2102342ef8ee381bab4a8f538d6327a7d968094e0046b837e6e24f9b7c425fa678a45689d63b3f31d0f46f29e265fa93e7ea7d2bbb11b637a770e9b7c46ce4de
SSDEEP

6144:zo1WKQBJSsWGFustFC1lVc3uU4d/t56jdxRHJ2PfDC:k1WnnFJu+wrowt56jdh2b

Score

10^/10

evasion persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

905570fe738c8d94aebe4922f1ae1e3e6373a668d2b246fbd26a3e5fd7871971.exe

Resource

win7-20221111-en

evasion persistence upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

905570fe738c8d94aebe4922f1ae1e3e6373a668d2b246fbd26a3e5fd7871971.exe

Resource

win10v2004-20220812-en

evasion persistence upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  905570fe738c8d94aebe4922f1ae1e3e6373a668d2b246fbd26a3e5fd7871971
- Size
  
  288KB
- MD5
  
  4243ff07d89c9c2af4aa4d454979f369
- SHA1
  
  a10542960d987d1526820d186f8fe79f89eb7774
- SHA256
  
  905570fe738c8d94aebe4922f1ae1e3e6373a668d2b246fbd26a3e5fd7871971
- SHA512
  
  2102342ef8ee381bab4a8f538d6327a7d968094e0046b837e6e24f9b7c425fa678a45689d63b3f31d0f46f29e265fa93e7ea7d2bbb11b637a770e9b7c46ce4de
- SSDEEP
  
  6144:zo1WKQBJSsWGFustFC1lVc3uU4d/t56jdxRHJ2PfDC:k1WnnFJu+wrowt56jdh2b
Score

10^/10

evasion persistence upx
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Disables Task Manager via registry modification
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2024

Terms | Privacy