f186d6f1a9393e4becb4bbd04ca6c8f17b1b1f5c46c4de0ae50932fa6165e176 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

f186d6f1a9...76.exe

windows7-x64

7

f186d6f1a9...76.exe

windows10-2004-x64

7

Sharing

General

Target

f186d6f1a9393e4becb4bbd04ca6c8f17b1b1f5c46c4de0ae50932fa6165e176
Size

1.6MB
Sample

230328-k7abnaaa77
MD5

8157423494ad7f97246131d29f7980c5
SHA1

f8ca3db0fada6172a97b7a17b4013d94104a27c5
SHA256

f186d6f1a9393e4becb4bbd04ca6c8f17b1b1f5c46c4de0ae50932fa6165e176
SHA512

8ed4cc1fc2d3036aceb95f0dc40d10853ad3a2a30ae91a23132f137d9b7a67045035cb163365c735f69f050c247f1102e6490da11551ec9b7ed75b872d0b2ffd
SSDEEP

24576:nXhZgPlXp/4Ec/RVV2sWhzSFiy96TxwkF4HWkDgqm1NTfzdJyHIFQOMyOvOzeAHr:XI5QEdzad62kFm1Q1ZzmLwzegnZY9qE2

Score

7^/10

persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

f186d6f1a9393e4becb4bbd04ca6c8f17b1b1f5c46c4de0ae50932fa6165e176.exe

Resource

win7-20230220-en

persistence upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

f186d6f1a9393e4becb4bbd04ca6c8f17b1b1f5c46c4de0ae50932fa6165e176.exe

Resource

win10v2004-20230220-en

persistence upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  f186d6f1a9393e4becb4bbd04ca6c8f17b1b1f5c46c4de0ae50932fa6165e176
- Size
  
  1.6MB
- MD5
  
  8157423494ad7f97246131d29f7980c5
- SHA1
  
  f8ca3db0fada6172a97b7a17b4013d94104a27c5
- SHA256
  
  f186d6f1a9393e4becb4bbd04ca6c8f17b1b1f5c46c4de0ae50932fa6165e176
- SHA512
  
  8ed4cc1fc2d3036aceb95f0dc40d10853ad3a2a30ae91a23132f137d9b7a67045035cb163365c735f69f050c247f1102e6490da11551ec9b7ed75b872d0b2ffd
- SSDEEP
  
  24576:nXhZgPlXp/4Ec/RVV2sWhzSFiy96TxwkF4HWkDgqm1NTfzdJyHIFQOMyOvOzeAHr:XI5QEdzad62kFm1Q1ZzmLwzegnZY9qE2
Score

7^/10

persistence upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy