c43ee639d5bd670380d60f87cbc5ec33dfb86f13f73dca0e1add6ad174dd3927 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

CMS.exe

windows7-x64

7

CMS.exe

windows10-2004-x64

7

Sharing

General

Target

CMS.exe
Size

30.9MB
Sample

230614-t65kvabf31
MD5

805286832dbafa6f8656d2195e0de804
SHA1

a03be35bcce8e82d301e0feed30e74d4ae32c164
SHA256

c43ee639d5bd670380d60f87cbc5ec33dfb86f13f73dca0e1add6ad174dd3927
SHA512

3cfc9f3fd4ab0feb8a82788e43d9f964d9de35624972758e4f0da27adbad5a5af6a0502057818cbc9f7bf8041003904196aa30c116a8ff9fe5ff2eeec1720260
SSDEEP

786432:KFRzzjjR5HPHB0/a0yuCtVjw6x1CVVEJi0:Ezp5vHB0y0BCbx1e6

Score

7^/10

upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

CMS.exe

Resource

win7-20230220-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

CMS.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  CMS.exe
- Size
  
  30.9MB
- MD5
  
  805286832dbafa6f8656d2195e0de804
- SHA1
  
  a03be35bcce8e82d301e0feed30e74d4ae32c164
- SHA256
  
  c43ee639d5bd670380d60f87cbc5ec33dfb86f13f73dca0e1add6ad174dd3927
- SHA512
  
  3cfc9f3fd4ab0feb8a82788e43d9f964d9de35624972758e4f0da27adbad5a5af6a0502057818cbc9f7bf8041003904196aa30c116a8ff9fe5ff2eeec1720260
- SSDEEP
  
  786432:KFRzzjjR5HPHB0/a0yuCtVjw6x1CVVEJi0:Ezp5vHB0y0BCbx1e6
Score

7^/10

upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy