b7a3050ee603440fdf8a865319342f65f6c93983e998ca700e6852d32f05270f | Triage

Submit
Reports

Overview

overview

Static

static

b7a3050ee6...0f.exe

windows7-x64

b7a3050ee6...0f.exe

windows10-2004-x64

Sharing

General

Target

b7a3050ee603440fdf8a865319342f65f6c93983e998ca700e6852d32f05270f
Size

1.0MB
Sample

221206-mqt1vadd2w
MD5

c1531d22af6f9310a33649b65c59e268
SHA1

76e1a348db1020570d9bb2bc5b10c07a1b476080
SHA256

b7a3050ee603440fdf8a865319342f65f6c93983e998ca700e6852d32f05270f
SHA512

ee382b37bfc27474e3bb8853fd8092b8171f50e5037e67ee10fb20df6b59b4ad3aa1167a77c6740123f3e2d3644a884837076f4c0e8627d0c898aa2302ec8e95
SSDEEP

12288:pb7RLI78pE/m4L9RnYJMP1cfQArt7k7TSEnozTYGbTB4NsM2PEaCxQoXjGblg+Ez:dk/mjuRu7yPo4iCz8Se6

Score

10^/10

evasion persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

b7a3050ee603440fdf8a865319342f65f6c93983e998ca700e6852d32f05270f.exe

Resource

win7-20220812-en

evasion persistence upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

b7a3050ee603440fdf8a865319342f65f6c93983e998ca700e6852d32f05270f.exe

Resource

win10v2004-20221111-en

evasion persistence upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  b7a3050ee603440fdf8a865319342f65f6c93983e998ca700e6852d32f05270f
- Size
  
  1.0MB
- MD5
  
  c1531d22af6f9310a33649b65c59e268
- SHA1
  
  76e1a348db1020570d9bb2bc5b10c07a1b476080
- SHA256
  
  b7a3050ee603440fdf8a865319342f65f6c93983e998ca700e6852d32f05270f
- SHA512
  
  ee382b37bfc27474e3bb8853fd8092b8171f50e5037e67ee10fb20df6b59b4ad3aa1167a77c6740123f3e2d3644a884837076f4c0e8627d0c898aa2302ec8e95
- SSDEEP
  
  12288:pb7RLI78pE/m4L9RnYJMP1cfQArt7k7TSEnozTYGbTB4NsM2PEaCxQoXjGblg+Ez:dk/mjuRu7yPo4iCz8Se6
Score

10^/10

evasion persistence upx
- Modifies firewall policy service
  evasion
- Adds policy Run key to start application
  persistence
- Modifies Installed Components in the registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2024

Terms | Privacy