d7efbf3303f6524d3a04ffc58957d57d92032fde2368df7272cc414fa5229dda | Triage

Submit
Reports

Overview

overview

8

Static

static

8

d7efbf3303...da.exe

windows7-x64

8

d7efbf3303...da.exe

windows10-2004-x64

8

Sharing

General

Target

d7efbf3303f6524d3a04ffc58957d57d92032fde2368df7272cc414fa5229dda
Size

37KB
Sample

221203-mmp8gsfd8z
MD5

21314b8973d0026469aab5e3463d82f5
SHA1

e5c7ce7504d6507cca2f6917c68f83c6a54143a2
SHA256

d7efbf3303f6524d3a04ffc58957d57d92032fde2368df7272cc414fa5229dda
SHA512

8fb47fed6a38464276da3ba900624e008563a3efef7a05312c887e1e4a0a430d9654e4c2ac0af5f82de59886e2fc5be9f00e02b3a3985ea5ae89f2dd5021634c
SSDEEP

768:ICErOo2SvXDOy5UUt/o78b0yrUyiA01tGAYKMwF10RaPR:IVOo2S7OyOUoob0fA01tGA4wF1wU

Score

8^/10

discovery persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d7efbf3303f6524d3a04ffc58957d57d92032fde2368df7272cc414fa5229dda.exe

Resource

win7-20220812-en

discovery persistence upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

d7efbf3303f6524d3a04ffc58957d57d92032fde2368df7272cc414fa5229dda.exe

Resource

win10v2004-20220812-en

discovery persistence upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  d7efbf3303f6524d3a04ffc58957d57d92032fde2368df7272cc414fa5229dda
- Size
  
  37KB
- MD5
  
  21314b8973d0026469aab5e3463d82f5
- SHA1
  
  e5c7ce7504d6507cca2f6917c68f83c6a54143a2
- SHA256
  
  d7efbf3303f6524d3a04ffc58957d57d92032fde2368df7272cc414fa5229dda
- SHA512
  
  8fb47fed6a38464276da3ba900624e008563a3efef7a05312c887e1e4a0a430d9654e4c2ac0af5f82de59886e2fc5be9f00e02b3a3985ea5ae89f2dd5021634c
- SSDEEP
  
  768:ICErOo2SvXDOy5UUt/o78b0yrUyiA01tGAYKMwF10RaPR:IVOo2S7OyOUoob0fA01tGA4wF1wU
Score

8^/10

discovery persistence upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceupx

behavioral2

discoverypersistenceupx

© 2018-2024

Terms | Privacy