78503764f7906f592910697087ae6bdcc7850e8b9ec79bff78ae406d23a88b90 | Triage

Submit
Reports

Overview

overview

Static

static

8

78503764f7...90.exe

windows7-x64

78503764f7...90.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

78503764f7906f592910697087ae6bdcc7850e8b9ec79bff78ae406d23a88b90
Size

288KB
Sample

221204-a995ysgc6v
MD5

19a7beb8ce93d318cf6f5af484960e10
SHA1

8b297c1976659666eb68208cf71afe537b37adc9
SHA256

78503764f7906f592910697087ae6bdcc7850e8b9ec79bff78ae406d23a88b90
SHA512

be9e1684fc85c53555c57f4644de40ff42263cfdbf1164fb43f1f47de14e739990fd078180e1f960cb12bebbfa727db938f32e4374a3bca9885c7541697552e9
SSDEEP

6144:6YZTNk3D6LyUXwLLk+cR3qh0GQ43VJRD0ew+/UOV7Khx0H:6SNC80I+cR3R03VseuOVw6

Score

10^/10

evasion persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

78503764f7906f592910697087ae6bdcc7850e8b9ec79bff78ae406d23a88b90.exe

Resource

win7-20220901-en

evasion persistence upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

78503764f7906f592910697087ae6bdcc7850e8b9ec79bff78ae406d23a88b90.exe

Resource

win10v2004-20220812-en

evasion persistence upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  78503764f7906f592910697087ae6bdcc7850e8b9ec79bff78ae406d23a88b90
- Size
  
  288KB
- MD5
  
  19a7beb8ce93d318cf6f5af484960e10
- SHA1
  
  8b297c1976659666eb68208cf71afe537b37adc9
- SHA256
  
  78503764f7906f592910697087ae6bdcc7850e8b9ec79bff78ae406d23a88b90
- SHA512
  
  be9e1684fc85c53555c57f4644de40ff42263cfdbf1164fb43f1f47de14e739990fd078180e1f960cb12bebbfa727db938f32e4374a3bca9885c7541697552e9
- SSDEEP
  
  6144:6YZTNk3D6LyUXwLLk+cR3qh0GQ43VJRD0ew+/UOV7Khx0H:6SNC80I+cR3R03VseuOVw6
Score

10^/10

evasion persistence upx
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2025

Terms | Privacy