General

  • Target

    6cb49d3f6d99c8ff229760ae6f3281abf3ff4aa7c3d10665054dff086c9b7464

  • Size

    1.9MB

  • Sample

    230822-zg9fdsgg4s

  • MD5

    85aba7f3204c97acd594fc5d659f04a0

  • SHA1

    8ed930bf5adc538dcff3059dc3db9a5d5c5b93d3

  • SHA256

    6cb49d3f6d99c8ff229760ae6f3281abf3ff4aa7c3d10665054dff086c9b7464

  • SHA512

    c359458aeb61b3fb4fb620c7802c915f1d454f5c3fead9dc999f53082c7e3e23bc5ecdcb5f8b8c96952aabdaad038f9297ff8f24cb19d3b0ed51b3deb7468be9

  • SSDEEP

    24576:2CKSYYOkx2LFJvj0oxv2Dezv/tx3yOkx2LFrJbKkKF/eMNPjM:2/SlQXvvV2yzFx3EQT9KFeMO

  • Score

    10/10

  • Tags

    upx

Malware Config

Targets

    • Target

      6cb49d3f6d99c8ff229760ae6f3281abf3ff4aa7c3d10665054dff086c9b7464

    • Size

      1.9MB

    • MD5

      85aba7f3204c97acd594fc5d659f04a0

    • SHA1

      8ed930bf5adc538dcff3059dc3db9a5d5c5b93d3

    • SHA256

      6cb49d3f6d99c8ff229760ae6f3281abf3ff4aa7c3d10665054dff086c9b7464

    • SHA512

      c359458aeb61b3fb4fb620c7802c915f1d454f5c3fead9dc999f53082c7e3e23bc5ecdcb5f8b8c96952aabdaad038f9297ff8f24cb19d3b0ed51b3deb7468be9

    • SSDEEP

      24576:2CKSYYOkx2LFJvj0oxv2Dezv/tx3yOkx2LFrJbKkKF/eMNPjM:2/SlQXvvV2yzFx3EQT9KFeMO

    • Score

      10/10

    Signatures

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Drops file in Drivers directory

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks