b1c0c12cd4646c90514b40402cd41005aa09dcfd4dee222bc9aec3efe6d33cc1

General

Target

b1c0c12cd4646c90514b40402cd41005aa09dcfd4dee222bc9aec3efe6d33cc1.exe
Size

4.5MB
MD5

298976b9e88b6280ec0c5b2c8ef358dc
SHA1

634fe13eb6cef98f34ad760d094e868704696718
SHA256

b1c0c12cd4646c90514b40402cd41005aa09dcfd4dee222bc9aec3efe6d33cc1
SHA512

91f266e92f6157903b16291744cc31be1a6cad071ee174e02b5eac636e74c472b39222ef8995900b6369582e2fc78f458035adeef0097fa4faa3670cd22c7984
SSDEEP

98304:LT4500whHxZnKeMrbHtX1M1zGvjeCZ9ZpbDDMIgPLnRzeWQ9Sjt8MLynuofWpvnZ:34VwPNgXtlM1ePLDDLgPrlNFqMuRfya4

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2608-54-0x0000000000400000-0x0000000000CDE000-memory.dmp	upx
behavioral1/memory/2608-59-0x0000000000400000-0x0000000000CDE000-memory.dmp	upx
behavioral1/memory/2608-62-0x0000000000400000-0x0000000000CDE000-memory.dmp	upx
behavioral1/memory/2608-65-0x0000000000400000-0x0000000000CDE000-memory.dmp	upx
behavioral1/memory/2608-66-0x0000000000400000-0x0000000000CDE000-memory.dmp	upx

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	b1c0c12cd4646c90514b40402cd41005aa09dcfd4dee222bc9aec3efe6d33cc1.exe
File opened (read-only)	\??\M:	b1c0c12cd4646c90514b40402cd41005aa09dcfd4dee222bc9aec3efe6d33cc1.exe
File opened (read-only)	\??\N:	b1c0c12cd4646c90514b40402cd41005aa09dcfd4dee222bc9aec3efe6d33cc1.exe
File opened (read-only)	\??\Y:	b1c0c12cd4646c90514b40402cd41005aa09dcfd4dee222bc9aec3efe6d33cc1.exe
File opened (read-only)	\??\J:	b1c0c12cd4646c90514b40402cd41005aa09dcfd4dee222bc9aec3efe6d33cc1.exe
File opened (read-only)	\??\W:	b1c0c12cd4646c90514b40402cd41005aa09dcfd4dee222bc9aec3efe6d33cc1.exe
File opened (read-only)	\??\X:	b1c0c12cd4646c90514b40402cd41005aa09dcfd4dee222bc9aec3efe6d33cc1.exe
File opened (read-only)	\??\G:	b1c0c12cd4646c90514b40402cd41005aa09dcfd4dee222bc9aec3efe6d33cc1.exe
File opened (read-only)	\??\I:	b1c0c12cd4646c90514b40402cd41005aa09dcfd4dee222bc9aec3efe6d33cc1.exe
File opened (read-only)	\??\P:	b1c0c12cd4646c90514b40402cd41005aa09dcfd4dee222bc9aec3efe6d33cc1.exe
File opened (read-only)	\??\R:	b1c0c12cd4646c90514b40402cd41005aa09dcfd4dee222bc9aec3efe6d33cc1.exe
File opened (read-only)	\??\T:	b1c0c12cd4646c90514b40402cd41005aa09dcfd4dee222bc9aec3efe6d33cc1.exe
File opened (read-only)	\??\U:	b1c0c12cd4646c90514b40402cd41005aa09dcfd4dee222bc9aec3efe6d33cc1.exe
File opened (read-only)	\??\V:	b1c0c12cd4646c90514b40402cd41005aa09dcfd4dee222bc9aec3efe6d33cc1.exe
File opened (read-only)	\??\Z:	b1c0c12cd4646c90514b40402cd41005aa09dcfd4dee222bc9aec3efe6d33cc1.exe
File opened (read-only)	\??\E:	b1c0c12cd4646c90514b40402cd41005aa09dcfd4dee222bc9aec3efe6d33cc1.exe
File opened (read-only)	\??\H:	b1c0c12cd4646c90514b40402cd41005aa09dcfd4dee222bc9aec3efe6d33cc1.exe
File opened (read-only)	\??\K:	b1c0c12cd4646c90514b40402cd41005aa09dcfd4dee222bc9aec3efe6d33cc1.exe
File opened (read-only)	\??\O:	b1c0c12cd4646c90514b40402cd41005aa09dcfd4dee222bc9aec3efe6d33cc1.exe
File opened (read-only)	\??\Q:	b1c0c12cd4646c90514b40402cd41005aa09dcfd4dee222bc9aec3efe6d33cc1.exe
File opened (read-only)	\??\S:	b1c0c12cd4646c90514b40402cd41005aa09dcfd4dee222bc9aec3efe6d33cc1.exe

C:\Users\Admin\AppData\Local\Temp\b1c0c12cd4646c90514b40402cd41005aa09dcfd4dee222bc9aec3efe6d33cc1.exe
"C:\Users\Admin\AppData\Local\Temp\b1c0c12cd4646c90514b40402cd41005aa09dcfd4dee222bc9aec3efe6d33cc1.exe"
1⤵
- Enumerates connected drives
PID:2608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2608-54-0x0000000000400000-0x0000000000CDE000-memory.dmp

Filesize
8.9MB

Download
memory/2608-55-0x00000000024E0000-0x00000000024E3000-memory.dmp

Filesize
12KB

Download
memory/2608-56-0x0000000000D90000-0x0000000000D91000-memory.dmp

Filesize
4KB

Download
memory/2608-58-0x0000000000D70000-0x0000000000D71000-memory.dmp

Filesize
4KB

Download
memory/2608-57-0x0000000000D80000-0x0000000000D81000-memory.dmp

Filesize
4KB

Download
memory/2608-59-0x0000000000400000-0x0000000000CDE000-memory.dmp

Filesize
8.9MB

Download
memory/2608-60-0x0000000000D60000-0x0000000000D61000-memory.dmp

Filesize
4KB

Download
memory/2608-62-0x0000000000400000-0x0000000000CDE000-memory.dmp

Filesize
8.9MB

Download
memory/2608-63-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/2608-64-0x0000000003780000-0x0000000003837000-memory.dmp

Filesize
732KB

Download
memory/2608-65-0x0000000000400000-0x0000000000CDE000-memory.dmp

Filesize
8.9MB

Download
memory/2608-66-0x0000000000400000-0x0000000000CDE000-memory.dmp

Filesize
8.9MB

Download
memory/2608-67-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/2608-68-0x0000000003780000-0x0000000003837000-memory.dmp

Filesize
732KB

Download

Analysis

Sharing