f14569088c650abd3d79f0489e148d4f3b0dca3dadfac841808dacdcf0c6cb10 | Triage

Submit
Reports

Overview

overview

8

Static

static

7

f14569088c...10.exe

windows7-x64

8

f14569088c...10.exe

windows10-2004-x64

8

Sharing

General

Target

f14569088c650abd3d79f0489e148d4f3b0dca3dadfac841808dacdcf0c6cb10
Size

280KB
Sample

230903-rxexqaae41
MD5

61d5af8062275bfd4213106f731437d2
SHA1

777b0c4202ae6a7c72129204d69963407c178094
SHA256

f14569088c650abd3d79f0489e148d4f3b0dca3dadfac841808dacdcf0c6cb10
SHA512

077f441d30b23e91c3d3c886ea6b506986f6608dcfbec26416908f6ef2a3fa22ea85ebdf7bdd26901fae89341d2a870c34029ee069568b5b60bce288ea94e36b
SSDEEP

6144:yXSQ8BCMis1TMrRQwy7eIeCDbFcEOkCybEaQRXr9HNdvOa:yXv8BCLocRZy7eIeyb1Okx2LIa

Score

8^/10

upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

f14569088c650abd3d79f0489e148d4f3b0dca3dadfac841808dacdcf0c6cb10.exe

Resource

win7-20230831-en

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

f14569088c650abd3d79f0489e148d4f3b0dca3dadfac841808dacdcf0c6cb10.exe

Resource

win10v2004-20230831-en

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  f14569088c650abd3d79f0489e148d4f3b0dca3dadfac841808dacdcf0c6cb10
- Size
  
  280KB
- MD5
  
  61d5af8062275bfd4213106f731437d2
- SHA1
  
  777b0c4202ae6a7c72129204d69963407c178094
- SHA256
  
  f14569088c650abd3d79f0489e148d4f3b0dca3dadfac841808dacdcf0c6cb10
- SHA512
  
  077f441d30b23e91c3d3c886ea6b506986f6608dcfbec26416908f6ef2a3fa22ea85ebdf7bdd26901fae89341d2a870c34029ee069568b5b60bce288ea94e36b
- SSDEEP
  
  6144:yXSQ8BCMis1TMrRQwy7eIeCDbFcEOkCybEaQRXr9HNdvOa:yXv8BCLocRZy7eIeyb1Okx2LIa
Score

8^/10

upx
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy