c1bb66afb50e7b2e34719b8e3aa622e32e7f8ae358f9b1f48bc3831a814a01a2 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

c1bb66afb5...a2.exe

windows7-x64

8

c1bb66afb5...a2.exe

windows10-2004-x64

7

Sharing

General

Target

c1bb66afb50e7b2e34719b8e3aa622e32e7f8ae358f9b1f48bc3831a814a01a2
Size

243KB
Sample

231103-xmbefaah76
MD5

fa9a2b7e3ebf976591d7161edd084f82
SHA1

cd3da10f727b85f4be9208b22b1ed8effaf75a99
SHA256

c1bb66afb50e7b2e34719b8e3aa622e32e7f8ae358f9b1f48bc3831a814a01a2
SHA512

b48741ef33bd899f097b0d5d5d2137247bbc95ae3bd81667430eb95ed4e71a02eb18f56883225d53facb9ddcc9eb73d08c5fdb6e98b7eb105847e37ec4b4ab29
SSDEEP

3072:ewzvOYNO5YPl3/DvbEvK9aobNI2B+DlIH3angqtirxzGlB89Vo6FoCG55lO/X9u0:1OiPlrh9H/B+3ChmBV+UdvrEFp7hK5p0

Score

8^/10

persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

c1bb66afb50e7b2e34719b8e3aa622e32e7f8ae358f9b1f48bc3831a814a01a2.exe

Resource

win7-20231023-en

persistence upx

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

c1bb66afb50e7b2e34719b8e3aa622e32e7f8ae358f9b1f48bc3831a814a01a2.exe

Resource

win10v2004-20231023-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  c1bb66afb50e7b2e34719b8e3aa622e32e7f8ae358f9b1f48bc3831a814a01a2
- Size
  
  243KB
- MD5
  
  fa9a2b7e3ebf976591d7161edd084f82
- SHA1
  
  cd3da10f727b85f4be9208b22b1ed8effaf75a99
- SHA256
  
  c1bb66afb50e7b2e34719b8e3aa622e32e7f8ae358f9b1f48bc3831a814a01a2
- SHA512
  
  b48741ef33bd899f097b0d5d5d2137247bbc95ae3bd81667430eb95ed4e71a02eb18f56883225d53facb9ddcc9eb73d08c5fdb6e98b7eb105847e37ec4b4ab29
- SSDEEP
  
  3072:ewzvOYNO5YPl3/DvbEvK9aobNI2B+DlIH3angqtirxzGlB89Vo6FoCG55lO/X9u0:1OiPlrh9H/B+3ChmBV+UdvrEFp7hK5p0
Score

8^/10

persistence upx
- Modifies AppInit DLL entries
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy