c13a77c04a9e6d13275c98f60b63cd2415c622b96bdd31ddfb600d2e6c798d45 | Triage

Submit
Reports

Overview

overview

8

Static

static

c13a77c04a...45.exe

windows7-x64

8

c13a77c04a...45.exe

windows10-2004-x64

8

Sharing

General

Target

c13a77c04a9e6d13275c98f60b63cd2415c622b96bdd31ddfb600d2e6c798d45
Size

588KB
Sample

221223-ddbjasff89
MD5

e2cf99bafbaf97caeb1e168f08d5b9a7
SHA1

93e3f7a0a438ed62058fafecce927960959e64cc
SHA256

c13a77c04a9e6d13275c98f60b63cd2415c622b96bdd31ddfb600d2e6c798d45
SHA512

ea6b44e5c0381f8c5febecfc114f643871b0d765e9fff7b185d2d8b43de2845e9dcf3f490ccc28fe6b2b07d4396aeccba541fc40d11c7b0c0d979ad6ce5c591b
SSDEEP

12288:NeRtB1zxiB1UOab0y8msR/UWyUAMF95ofKxsS+/Oym/+L:uj1xiB1Dab0yiUW1AYSKGSgiWL

Score

8^/10

discovery exploit persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

c13a77c04a9e6d13275c98f60b63cd2415c622b96bdd31ddfb600d2e6c798d45.exe

Resource

win7-20221111-en

discovery exploit persistence upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

c13a77c04a9e6d13275c98f60b63cd2415c622b96bdd31ddfb600d2e6c798d45.exe

Resource

win10v2004-20221111-en

discovery exploit persistence upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  c13a77c04a9e6d13275c98f60b63cd2415c622b96bdd31ddfb600d2e6c798d45
- Size
  
  588KB
- MD5
  
  e2cf99bafbaf97caeb1e168f08d5b9a7
- SHA1
  
  93e3f7a0a438ed62058fafecce927960959e64cc
- SHA256
  
  c13a77c04a9e6d13275c98f60b63cd2415c622b96bdd31ddfb600d2e6c798d45
- SHA512
  
  ea6b44e5c0381f8c5febecfc114f643871b0d765e9fff7b185d2d8b43de2845e9dcf3f490ccc28fe6b2b07d4396aeccba541fc40d11c7b0c0d979ad6ce5c591b
- SSDEEP
  
  12288:NeRtB1zxiB1UOab0y8msR/UWyUAMF95ofKxsS+/Oym/+L:uj1xiB1Dab0yiUW1AYSKGSgiWL
Score

8^/10

discovery exploit persistence upx
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryexploitpersistenceupx

behavioral2

discoveryexploitpersistenceupx

© 2018-2024

Terms | Privacy