966eb55e68756934dcf2f7ba51e7d7134ed7a1f49727a3bdbc79f44d06fad4c3 | Triage

Submit
Reports

Overview

overview

Static

static

8

966eb55e68...c3.exe

windows7-x64

966eb55e68...c3.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

966eb55e68756934dcf2f7ba51e7d7134ed7a1f49727a3bdbc79f44d06fad4c3
Size

169KB
Sample

221204-p51haaah82
MD5

d937302e55853e8ff164d50c9a586632
SHA1

f33d6acad3d9669ce46c54afc8a0a2abd4cc7c90
SHA256

966eb55e68756934dcf2f7ba51e7d7134ed7a1f49727a3bdbc79f44d06fad4c3
SHA512

fe575f6c98b9175ae95184f7b2fac3d239f4c1f1178cfa6765a2fb55da47b9ee33522e9556f5825c12015ff79ed9ec572e05ad84e8df9468feb423ab83633e4a
SSDEEP

1536:8ybBm4TdrvqMa4M7H8JTcdr405kanhduwfXASw5FgA/:8ybBm4TO4bYZ4nahXXNmOA/

Score

10^/10

evasion persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

966eb55e68756934dcf2f7ba51e7d7134ed7a1f49727a3bdbc79f44d06fad4c3.exe

Resource

win7-20220812-en

evasion persistence upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

966eb55e68756934dcf2f7ba51e7d7134ed7a1f49727a3bdbc79f44d06fad4c3.exe

Resource

win10v2004-20220812-en

evasion persistence upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  966eb55e68756934dcf2f7ba51e7d7134ed7a1f49727a3bdbc79f44d06fad4c3
- Size
  
  169KB
- MD5
  
  d937302e55853e8ff164d50c9a586632
- SHA1
  
  f33d6acad3d9669ce46c54afc8a0a2abd4cc7c90
- SHA256
  
  966eb55e68756934dcf2f7ba51e7d7134ed7a1f49727a3bdbc79f44d06fad4c3
- SHA512
  
  fe575f6c98b9175ae95184f7b2fac3d239f4c1f1178cfa6765a2fb55da47b9ee33522e9556f5825c12015ff79ed9ec572e05ad84e8df9468feb423ab83633e4a
- SSDEEP
  
  1536:8ybBm4TdrvqMa4M7H8JTcdr405kanhduwfXASw5FgA/:8ybBm4TO4bYZ4nahXXNmOA/
Score

10^/10

evasion persistence upx
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Drops file in Drivers directory
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2025

Terms | Privacy