24a7869b1b222cc2eae561421b7f0c83048ca4c157d44718102a3e674a412e99 | Triage

Submit
Reports

Overview

overview

8

Static

static

8

Windows 7 ....1.exe

windows10-2004-x64

8

out.exe

windows10-2004-x64

Sharing

General

Target

Windows 7 IconPack By 2013Windows8.1.exe
Size

15.2MB
Sample

230124-v4kckach36
MD5

d54c644994f501358b6074a0ce2f331b
SHA1

863d56e70d675eab6e83909fb587ad9e802bcce2
SHA256

24a7869b1b222cc2eae561421b7f0c83048ca4c157d44718102a3e674a412e99
SHA512

404910ea4caad2d05d9a2292b62d46355d98fb9c9577c4fc5838c6507deb84aabde02ec6557fa36d25ce4829322ef8da315f2573268117da07490bee49f51d7a
SSDEEP

393216:sCBY2ekC/ialj+VaCVeNnCrPYFjvnfIlclildwvki/rsJwN1N:p7+iat+4CkNCEF7fIlldwPrsaTN

Score

8^/10

discovery exploit persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Windows 7 IconPack By 2013Windows8.1.exe

Resource

win10v2004-20220812-es

discovery exploit persistence upx

windows10-2004-x64

26 signatures

600 seconds

Behavioral task

behavioral2

Sample

out.exe

Resource

win10v2004-20221111-es

windows10-2004-x64

0 signatures

600 seconds

Malware Config

Targets

- Target
  
  Windows 7 IconPack By 2013Windows8.1.exe
- Size
  
  15.2MB
- MD5
  
  d54c644994f501358b6074a0ce2f331b
- SHA1
  
  863d56e70d675eab6e83909fb587ad9e802bcce2
- SHA256
  
  24a7869b1b222cc2eae561421b7f0c83048ca4c157d44718102a3e674a412e99
- SHA512
  
  404910ea4caad2d05d9a2292b62d46355d98fb9c9577c4fc5838c6507deb84aabde02ec6557fa36d25ce4829322ef8da315f2573268117da07490bee49f51d7a
- SSDEEP
  
  393216:sCBY2ekC/ialj+VaCVeNnCrPYFjvnfIlclildwvki/rsJwN1N:p7+iat+4CkNCEF7fIlldwPrsaTN
Score

8^/10

discovery exploit persistence upx
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Possible privilege escalation attempt
  exploit
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Modifies file permissions
  discovery
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1
- Target
  
  out.upx
- Size
  
  201KB
- MD5
  
  4b22852505b33e9b2d221c310da55f77
- SHA1
  
  8d681ec5491fcfd93f2b2bba28faf41c42bf55f1
- SHA256
  
  0e78c55277fee0b768c3f890de427c35edd49367a2de0ae9ee1d11c0719145d8
- SHA512
  
  3df7c7d3ee8b513f9909ba269cef08398a5364c92d8e30894eb5b99c011e55e744f335bd0e34cdcf50db3e1194691f076dbb161e0e8d1374b13920ab56fe6f73
- SSDEEP
  
  6144:+vlAkAsl3DR2+Mq9ing3vRqHnzf3puuc3:Zk5L2FqpvRQzf3puuc3
Score

1^/10
behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

File Permissions Modification

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoveryexploitpersistenceupx

behavioral2

© 2018-2024

Terms | Privacy