893e59d63fa9947838bae5fdf6ff0cdebc5ebe81d1ffd82d543a8c4daf9ab894 | Triage

Submit
Reports

Overview

overview

8

Static

static

8

893e59d63f...94.exe

windows7-x64

8

893e59d63f...94.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

893e59d63fa9947838bae5fdf6ff0cdebc5ebe81d1ffd82d543a8c4daf9ab894
Size

294KB
Sample

221203-zfzjssdd28
MD5

0e589dc718978b73ed7f0254e4e3a9af
SHA1

374bec41a2013ecaa7a42a17df32d08a846818f7
SHA256

893e59d63fa9947838bae5fdf6ff0cdebc5ebe81d1ffd82d543a8c4daf9ab894
SHA512

9477c4bad8e2e7c38c0199f8051f27fed1b570936268086603b3022dc6105ff2918dee744853ef57da230b9620cc12cb0ebfbae26b332c3eae665b9d060ca7eb
SSDEEP

6144:KWrbUaaWGp3Bua8w3tkRfFFvW72dqeDG2omltDd0+MhoMnXCGGjGGtGGxGgG0GyE:Kc4aaNitwdAfFF9gPaFMuMnXji6

Score

8^/10

evasion persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

893e59d63fa9947838bae5fdf6ff0cdebc5ebe81d1ffd82d543a8c4daf9ab894.exe

Resource

win7-20220812-en

evasion persistence upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

893e59d63fa9947838bae5fdf6ff0cdebc5ebe81d1ffd82d543a8c4daf9ab894.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  893e59d63fa9947838bae5fdf6ff0cdebc5ebe81d1ffd82d543a8c4daf9ab894
- Size
  
  294KB
- MD5
  
  0e589dc718978b73ed7f0254e4e3a9af
- SHA1
  
  374bec41a2013ecaa7a42a17df32d08a846818f7
- SHA256
  
  893e59d63fa9947838bae5fdf6ff0cdebc5ebe81d1ffd82d543a8c4daf9ab894
- SHA512
  
  9477c4bad8e2e7c38c0199f8051f27fed1b570936268086603b3022dc6105ff2918dee744853ef57da230b9620cc12cb0ebfbae26b332c3eae665b9d060ca7eb
- SSDEEP
  
  6144:KWrbUaaWGp3Bua8w3tkRfFFvW72dqeDG2omltDd0+MhoMnXCGGjGGtGGxGgG0GyE:Kc4aaNitwdAfFF9gPaFMuMnXji6
Score

8^/10

evasion persistence upx
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

© 2018-2025

Terms | Privacy