General

  • Target: 34371b3574a30054271a5440eada9c179c487cf00d2b8335c3a5c8660a1f7597
  • Size: 7.3MB
  • Sample: 221201-hdn7lscg86
  • MD5: 65519ed39c2808c2f2c1972842b9bd63
  • SHA1: 00ac00bf5a3fcfa1580b2e2e023e25e60cc0ad4d
  • SHA256: 34371b3574a30054271a5440eada9c179c487cf00d2b8335c3a5c8660a1f7597
  • SHA512: f1c0bcd7a09a588eb4e4866f1e1f5b9dbb627ec8d53f18d5ca7adff1d7c7034dc4dc0f0dae07f1add6bb8adb1676b84fe56fff4deb139b76b3bf5357de18607d
  • SSDEEP: 196608:a/Us3xigWdbiuBzgP8yVpXflFFgom7gZgHjwy3chjJF:a/53xDWdiuBzgEYDm7gZgHjwFjJF

Score: 8/10
upx

Malware Config

Targets

    • Target: EZDJ_P~1.EXE
    • Size: 7.1MB
    • MD5: 3dff1e807664fc09ff93e16809224036
    • SHA1: 910f442281db24eef676a7e3f3c708cb63393e03
    • SHA256: 35765a15c21121805050dd12a9969d9ee19ec432086c32894e7909eff9449e5d
    • SHA512: c79850d15a8a2d708bf5de439d5b26de09905e6a173c4d3730a4a3e83f0336dd36b6f6305d12f79d6602dfd8350afec6a1ffc24f153a3ec1779806570c9b8029
    • SSDEEP: 196608:gysAMfp4l0PyWwP7DukXWpoI7oJj62EjIlSdfDdIv:g7AkpM0PyWwD6sJj62EjIlKdIv

    Score: 7/10
    • Loads dropped DLL
    • Enumerates connected drives
      Attempts to read the root path of hard drives other than the default C: drive.

    • Target: NEWAUT~1.EXE
    • Size: 337KB
    • MD5: 042f1e715fc864c28e2ab52d19c6f76e
    • SHA1: 8e1962952826639ec48b077609558b3528c6eb35
    • SHA256: 27a695e1ea6169447ed5f03e06ed5fe339a437bac604abf95a1036dfcc2bb1b5
    • SHA512: 50596d252c5bcfdf9f8522ca1b124e00a90b259b4fce93df8d93a9c0cfb02becdfef90b59243073cf6c4d612a9e3197658a6a9a370d51339a836016909876672
    • SSDEEP: 6144:ElZ/zUMu4pDSxsCMRzf7x3SfS1JAzXBtL76lLI7JAf2ekPQtyj:EHLUMuiv9RgfSjAzRtymJAiPA6

    Score: 8/10
    • Executes dropped EXE
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.
    • Loads dropped DLL
    • AutoIT Executable
      AutoIT scripts compiled to PE executables.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks