d433cd0ba6b6850a9f616b3b89754a005699547d4e04fadb75cade770156cfd1 | Triage

Submit
Reports

Overview

overview

Static

static

1

Replace.exe

windows10-2004-x64

Resubmissions

15-07-2024 12:22

240715-pj7dpszhrl 8

14-07-2024 17:11

240714-vqpp5asckh 8

14-07-2024 17:07

240714-vmz2pasbjb 10

14-07-2024 16:55

240714-ve3gvaygnq 8

01-05-2024 09:05

240501-k2a11abe8v 10

24-03-2023 19:33

230324-x9t53aba7y 10

24-03-2023 19:25

230324-x49nkaba4t 10

Sharing

General

Target

Replace.exe
Size

34.8MB
Sample

230324-x49nkaba4t
MD5

fd5cd14325c51ecab6a57d1d665f8852
SHA1

ea16aa0f197210437733c63a42a8f1dd6442d753
SHA256

d433cd0ba6b6850a9f616b3b89754a005699547d4e04fadb75cade770156cfd1
SHA512

9a2e4c8baa01fbafe6968905daeb8d3b7eb62c09d1d7584e973ad1c23d964093e161a51a7390dfaa598d2657f45ca17bf00b5055aeaf0441f875ddb364741d71
SSDEEP

786432:i9hj60qHOBbQcVM3sct6C2ubdsUeGXV4yQnb+LQgRkrm12PYfrB:i9kH+o5sG2ysbhrmka

Score

10^/10

persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

Replace.exe

Resource

win10v2004-20230220-en

persistence upx

windows10-2004-x64

19 signatures

300 seconds

Malware Config

Targets

- Target
  
  Replace.exe
- Size
  
  34.8MB
- MD5
  
  fd5cd14325c51ecab6a57d1d665f8852
- SHA1
  
  ea16aa0f197210437733c63a42a8f1dd6442d753
- SHA256
  
  d433cd0ba6b6850a9f616b3b89754a005699547d4e04fadb75cade770156cfd1
- SHA512
  
  9a2e4c8baa01fbafe6968905daeb8d3b7eb62c09d1d7584e973ad1c23d964093e161a51a7390dfaa598d2657f45ca17bf00b5055aeaf0441f875ddb364741d71
- SSDEEP
  
  786432:i9hj60qHOBbQcVM3sct6C2ubdsUeGXV4yQnb+LQgRkrm12PYfrB:i9kH+o5sG2ysbhrmka
Score

10^/10

persistence upx
- Modifies WinLogon for persistence
  persistence
- Adds policy Run key to start application
  persistence
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy