d5f2439fae6f9a5445935b6fc1c7775a5df2598c8bf6995b38943e7a9be70c6b | Triage

Submit
Reports

Overview

overview

Static

static

8

d5f2439fae...6b.exe

windows7-x64

d5f2439fae...6b.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

d5f2439fae6f9a5445935b6fc1c7775a5df2598c8bf6995b38943e7a9be70c6b
Size

442KB
Sample

221206-vke9haac8z
MD5

b62a87768b03cf35f0034a5e9737918d
SHA1

72ecbb53ffe6addac34b677967e47357a1037ab7
SHA256

d5f2439fae6f9a5445935b6fc1c7775a5df2598c8bf6995b38943e7a9be70c6b
SHA512

7354ab90e30a5940776d3579cdeaf7e2a7bd1f32b1c718e01c4c64a9daea363a6e38b7e450ea7c12e982144c982815214547b822c9eed2bf5b460d62ff2a14d3
SSDEEP

12288:DnNhuBoY8SorxgmA+nlvVlXI0HH9uyZwPP/h:DPatCg7EPtIcd2J

Score

10^/10

evasion persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d5f2439fae6f9a5445935b6fc1c7775a5df2598c8bf6995b38943e7a9be70c6b.exe

Resource

win7-20220901-en

evasion persistence upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

d5f2439fae6f9a5445935b6fc1c7775a5df2598c8bf6995b38943e7a9be70c6b.exe

Resource

win10v2004-20220812-en

evasion persistence upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  d5f2439fae6f9a5445935b6fc1c7775a5df2598c8bf6995b38943e7a9be70c6b
- Size
  
  442KB
- MD5
  
  b62a87768b03cf35f0034a5e9737918d
- SHA1
  
  72ecbb53ffe6addac34b677967e47357a1037ab7
- SHA256
  
  d5f2439fae6f9a5445935b6fc1c7775a5df2598c8bf6995b38943e7a9be70c6b
- SHA512
  
  7354ab90e30a5940776d3579cdeaf7e2a7bd1f32b1c718e01c4c64a9daea363a6e38b7e450ea7c12e982144c982815214547b822c9eed2bf5b460d62ff2a14d3
- SSDEEP
  
  12288:DnNhuBoY8SorxgmA+nlvVlXI0HH9uyZwPP/h:DPatCg7EPtIcd2J
Score

10^/10

evasion persistence upx
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2025

Terms | Privacy