5c40783c92c09c8f2188409e8199f639dfd7cad28003a5a1587fa0216069fa4b | Triage

Submit
Reports

Overview

overview

8

Static

static

1

uniconvert...04.exe

windows10-2004-x64

8

Resubmissions

05-11-2023 18:30

231105-w5wbwsab6x 8

05-11-2023 17:57

231105-wjvhgahg5y 8

Sharing

General

Target

uniconverter15_64bit_full14204.exe
Size

241.6MB
Sample

231105-wjvhgahg5y
MD5

e87a0c14cce47ad451f89103ad9510b0
SHA1

2e8470a17f0ccdf8950179f527f287484e86d8b7
SHA256

5c40783c92c09c8f2188409e8199f639dfd7cad28003a5a1587fa0216069fa4b
SHA512

1b751d2372545c8c7d4220eb4496e318fe0981beee27bd19c05be4af0d719d52b0a6ceab337c0aa5957b13d1ab6a547a186c2a87b2ba7a12cd15cc6c10c512bb
SSDEEP

6291456:miw2Y8eH40Db+syIWETg3jf5LXd8il6R69BBWkjPIbvl:X+HdDb79WXjf5LXd8ile6rwGA9

Score

8^/10

discovery evasion exploit persistence

Static task

static1

Behavioral task

behavioral1

Sample

uniconverter15_64bit_full14204.exe

Resource

win10v2004-20231023-es

discovery evasion exploit persistence

windows10-2004-x64

34 signatures

600 seconds

Malware Config

Targets

- Target
  
  uniconverter15_64bit_full14204.exe
- Size
  
  241.6MB
- MD5
  
  e87a0c14cce47ad451f89103ad9510b0
- SHA1
  
  2e8470a17f0ccdf8950179f527f287484e86d8b7
- SHA256
  
  5c40783c92c09c8f2188409e8199f639dfd7cad28003a5a1587fa0216069fa4b
- SHA512
  
  1b751d2372545c8c7d4220eb4496e318fe0981beee27bd19c05be4af0d719d52b0a6ceab337c0aa5957b13d1ab6a547a186c2a87b2ba7a12cd15cc6c10c512bb
- SSDEEP
  
  6291456:miw2Y8eH40Db+syIWETg3jf5LXd8il6R69BBWkjPIbvl:X+HdDb79WXjf5LXd8ile6rwGA9
Score

8^/10

discovery evasion exploit persistence
- Downloads MZ/PE file
- Drops file in Drivers directory
- Modifies Windows Firewall
  evasion
- Possible privilege escalation attempt
  exploit
- Stops running service(s)
  evasion
- Modifies file permissions
  discovery
- Adds Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

File and Directory Permissions Modification

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

discoveryevasionexploitpersistence

© 2018-2024

Terms | Privacy