4a63c82c08fe3dab78d0be7192bdfe4c811c188d28fb98323f92dca44045e038 | Triage

Submit
Reports

Overview

overview

8

Static

static

7

4a63c82c08...38.exe

windows7-x64

8

4a63c82c08...38.exe

windows10-2004-x64

8

Sharing

General

Target

4a63c82c08fe3dab78d0be7192bdfe4c811c188d28fb98323f92dca44045e038
Size

4.4MB
Sample

231121-dh3hkscd6x
MD5

4459ddf6f1c3484e5f9cdbeda941aa99
SHA1

359b03153d3deb165b1f10ccfdae8fdf82d5e294
SHA256

4a63c82c08fe3dab78d0be7192bdfe4c811c188d28fb98323f92dca44045e038
SHA512

2cfe1b9b58174e3d8603654669a86e0821a3a7868ce479cd357593a07c16bf24ca3921707b3f3521b7bada1cfe97a8b99f2ebb0c693ea4ec52a058a56e3cd29f
SSDEEP

49152:oTGkQk5QZuTtS0rQMYOQ+q8CEjTG4QWTGHQ39KFeM7:oKkrWsM0r1QnIK4LKHw0Feu

Score

8^/10

upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

4a63c82c08fe3dab78d0be7192bdfe4c811c188d28fb98323f92dca44045e038.exe

Resource

win7-20231020-en

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

4a63c82c08fe3dab78d0be7192bdfe4c811c188d28fb98323f92dca44045e038.exe

Resource

win10v2004-20231023-en

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  4a63c82c08fe3dab78d0be7192bdfe4c811c188d28fb98323f92dca44045e038
- Size
  
  4.4MB
- MD5
  
  4459ddf6f1c3484e5f9cdbeda941aa99
- SHA1
  
  359b03153d3deb165b1f10ccfdae8fdf82d5e294
- SHA256
  
  4a63c82c08fe3dab78d0be7192bdfe4c811c188d28fb98323f92dca44045e038
- SHA512
  
  2cfe1b9b58174e3d8603654669a86e0821a3a7868ce479cd357593a07c16bf24ca3921707b3f3521b7bada1cfe97a8b99f2ebb0c693ea4ec52a058a56e3cd29f
- SSDEEP
  
  49152:oTGkQk5QZuTtS0rQMYOQ+q8CEjTG4QWTGHQ39KFeM7:oKkrWsM0r1QnIK4LKHw0Feu
Score

8^/10

upx
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

SIP and Trust Provider Hijacking

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy