General

  • Target

    Updateexe.exe

  • Size

    591KB

  • Sample

    230704-xbp4fsgb95

  • MD5

    53388f1619dda917dd62515d5ebca691

  • SHA1

    cc5aeec69eada4166cc002d8232bb0114c671c22

  • SHA256

    f9da54b2912742131ca8ae08a2a81895915109a21af8dbfb9dab6ead1481337d

  • SHA512

    c42da1d9107316bf5da2fb9f72f717d363d203b39a9187713962e5289a80d76d7f8bcd6b37271c08a30f9b441aa49a23655ccbc16089f8a8a65d6e51774e9f53

  • SSDEEP

    12288:/Hky2qkgHoX5RiI3igcaWdJiFfcv0SFWRQwk9G1vz:/H1QgHOLjigwbiFfcvGG59cb

Score
10/10

Malware Config

Targets

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6
