c5ac63420f19c63bb1883b85daa800441cce3f2c79447b85d03108d0dbb75e79 | Triage

Submit
Reports

Overview

overview

Static

static

8

c5ac63420f...79.exe

windows7-x64

c5ac63420f...79.exe

windows10-2004-x64

Sharing

General

Target

c5ac63420f19c63bb1883b85daa800441cce3f2c79447b85d03108d0dbb75e79
Size

197KB
Sample

221204-j283csbc36
MD5

91f678982da4c4cba3f8f92e590d0b48
SHA1

ab8589c9ef664f438891fd39284ca76315b57a38
SHA256

c5ac63420f19c63bb1883b85daa800441cce3f2c79447b85d03108d0dbb75e79
SHA512

a97655ada4022553ee472542c62037004468fbe5ac2d1dbb14b1432b22ee71a892766b311703dfed4fa93acf9ef69e6e081ac97df0b5b18941b24ec26af34846
SSDEEP

3072:92RKXhQc1J5v3yQU7BzyrxjJlWZR6OGtACo3FIBP48ahMaYC83M3qXMZVsLh4B:gR4Gc1DnlSR6btwFIl4laPDqqmO

Score

10^/10

evasion persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c5ac63420f19c63bb1883b85daa800441cce3f2c79447b85d03108d0dbb75e79.exe

Resource

win7-20221111-en

evasion persistence upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

c5ac63420f19c63bb1883b85daa800441cce3f2c79447b85d03108d0dbb75e79.exe

Resource

win10v2004-20220901-en

evasion persistence upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  c5ac63420f19c63bb1883b85daa800441cce3f2c79447b85d03108d0dbb75e79
- Size
  
  197KB
- MD5
  
  91f678982da4c4cba3f8f92e590d0b48
- SHA1
  
  ab8589c9ef664f438891fd39284ca76315b57a38
- SHA256
  
  c5ac63420f19c63bb1883b85daa800441cce3f2c79447b85d03108d0dbb75e79
- SHA512
  
  a97655ada4022553ee472542c62037004468fbe5ac2d1dbb14b1432b22ee71a892766b311703dfed4fa93acf9ef69e6e081ac97df0b5b18941b24ec26af34846
- SSDEEP
  
  3072:92RKXhQc1J5v3yQU7BzyrxjJlWZR6OGtACo3FIBP48ahMaYC83M3qXMZVsLh4B:gR4Gc1DnlSR6btwFIl4laPDqqmO
Score

10^/10

evasion persistence upx
- Modifies WinLogon for persistence
  persistence
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2024

Terms | Privacy