6eac2b69f85c9f849f1d1505a1ad4d1452543fe1140a1618468a37a6f3153266 | Triage

Submit
Reports

Overview

overview

Static

static

7

6eac2b69f8...JC.exe

windows7-x64

6eac2b69f8...JC.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

6eac2b69f85c9f849f1d1505a1ad4d1452543fe1140a1618468a37a6f3153266_JC.exe
Size

525KB
Sample

231005-vsac8afa74
MD5

46e3ad653b69709959281b0718f309ff
SHA1

bdd2cd05aa47ca27dff1ca1306943db83b8753e8
SHA256

6eac2b69f85c9f849f1d1505a1ad4d1452543fe1140a1618468a37a6f3153266
SHA512

b70328baf047f11bf5c4a4d62031ad9a03c3dc6c9819b80709e524056c0ac34da72d76161e8cceced909ee387f4c0b5ee63cb4fcbd3feed0502dbc9333d1c6c4
SSDEEP

6144:hcTgav1cdCTuoPbgwmOLJvKRhLSFXdFo6cEOkCybEaQRXr9HNdvOaCy8K:hSvO2x9mONvKRhLSFROkx2LIaCy

Score

10^/10

upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

6eac2b69f85c9f849f1d1505a1ad4d1452543fe1140a1618468a37a6f3153266_JC.exe

Resource

win7-20230831-en

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

6eac2b69f85c9f849f1d1505a1ad4d1452543fe1140a1618468a37a6f3153266_JC.exe

Resource

win10v2004-20230915-en

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  6eac2b69f85c9f849f1d1505a1ad4d1452543fe1140a1618468a37a6f3153266_JC.exe
- Size
  
  525KB
- MD5
  
  46e3ad653b69709959281b0718f309ff
- SHA1
  
  bdd2cd05aa47ca27dff1ca1306943db83b8753e8
- SHA256
  
  6eac2b69f85c9f849f1d1505a1ad4d1452543fe1140a1618468a37a6f3153266
- SHA512
  
  b70328baf047f11bf5c4a4d62031ad9a03c3dc6c9819b80709e524056c0ac34da72d76161e8cceced909ee387f4c0b5ee63cb4fcbd3feed0502dbc9333d1c6c4
- SSDEEP
  
  6144:hcTgav1cdCTuoPbgwmOLJvKRhLSFXdFo6cEOkCybEaQRXr9HNdvOaCy8K:hSvO2x9mONvKRhLSFROkx2LIaCy
Score

10^/10

upx
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy