General

  • Target

    d7f04e901c0900afab082924616e73ff367bb51ca41a91af6d78e233ea86b7b8

  • Size

    37KB

  • Sample

    221207-glhjcsaf92

  • MD5

    6c547f5149fb8aa4d1b810ee3061370e

  • SHA1

    c81c7adce43147eb63948d952fbec54820593a92

  • SHA256

    d7f04e901c0900afab082924616e73ff367bb51ca41a91af6d78e233ea86b7b8

  • SHA512

    dcd806b6eaa2273249a3689c3bf64a4dd958be7e551e11829446118459adbaa32c0572bb2bdc391a73f9395af5c5f1794e91a387a1a9d2083bbff3da74bf6ba6

  • SSDEEP

    768:Ogo5aQN+0py+7IyEgH+RGYu9cXHlg3v3WyGLiX1WMjBDC0Ha9:Zo5aY+0MqIA+RtPXlg/3lFXgMjr

Score
8/10

Targets

    • Possible privilege escalation attempt

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Deletes itself

    • Loads dropped DLL

    • Modifies file permissions

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
