c21838a03307cd311d7476709346d8a132861859d5eab6a638910fb73f87fc01 | Triage

Submit
Reports

Overview

overview

8

Static

static

c21838a033...01.exe

windows7-x64

8

c21838a033...01.exe

windows10-2004-x64

7

Sharing

General

Target

c21838a03307cd311d7476709346d8a132861859d5eab6a638910fb73f87fc01
Size

743KB
Sample

221203-mah9eaeg3y
MD5

b6e08a65972c4023436c14a359fe73af
SHA1

611847af498d29c8e2404fc7124c994c5f4085b1
SHA256

c21838a03307cd311d7476709346d8a132861859d5eab6a638910fb73f87fc01
SHA512

569d9d02fb73d3637e35f52939436a14d09818431f7663526d6c5f08792a8390da631d64f59ddac08b53f984fc326da3431b73470a5642e5a0cbf7a686527df3
SSDEEP

12288:LczJJhqrVPllvKspPT3GWGqWKNiTic4RVavipq2i3e3eRYSLuzq:LczJKVdD3GzqWTec4RcEq2i3euR/uzq

Score

8^/10

discovery exploit upx

Static task

static1

Behavioral task

behavioral1

Sample

c21838a03307cd311d7476709346d8a132861859d5eab6a638910fb73f87fc01.exe

Resource

win7-20220812-en

discovery exploit upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

c21838a03307cd311d7476709346d8a132861859d5eab6a638910fb73f87fc01.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  c21838a03307cd311d7476709346d8a132861859d5eab6a638910fb73f87fc01
- Size
  
  743KB
- MD5
  
  b6e08a65972c4023436c14a359fe73af
- SHA1
  
  611847af498d29c8e2404fc7124c994c5f4085b1
- SHA256
  
  c21838a03307cd311d7476709346d8a132861859d5eab6a638910fb73f87fc01
- SHA512
  
  569d9d02fb73d3637e35f52939436a14d09818431f7663526d6c5f08792a8390da631d64f59ddac08b53f984fc326da3431b73470a5642e5a0cbf7a686527df3
- SSDEEP
  
  12288:LczJJhqrVPllvKspPT3GWGqWKNiTic4RVavipq2i3e3eRYSLuzq:LczJKVdD3GzqWTec4RcEq2i3euR/uzq
Score

8^/10

discovery exploit upx
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexploitupx

behavioral2

© 2018-2024

Terms | Privacy