Overview

overview

10

Static

static

3

82592d3a83...d2.exe

windows7-x64

10

82592d3a83...d2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    156s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-12-2023 19:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    82592d3a83f32ce7b85dd5ead270f8d2.exe

  • Size

    13KB

  • MD5

    82592d3a83f32ce7b85dd5ead270f8d2

  • SHA1

    32b3da33cbeb617332ad2a5731340ed0e0d408d1

  • SHA256

    38e1a29c7a3fae493b745ebf1f5b66a926a99550b23fe7f1c210ee1eccfdae2a

  • SHA512

    b488ff43f61d94e47607c2c7d851f76d8b4923b388394679a856039032841dead64256efe7910ce0d3e3a6921e479a683199297462bd0be1012aeee9eb79c55f

  • SSDEEP

    384:6K+dKfzQHxFxRmyja4QhiP7UlY/pjK7aylryyylQlylW/lyyyyyQ:v+dAURFxna4QAPQlYg7aylryyylQlylC

Score
10/10
upatredownloader

Malware Config

Signatures

  • Upatre

    Upatre is a generic malware downloader.

    downloaderupatre
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\82592d3a83f32ce7b85dd5ead270f8d2.exe
    "C:\Users\Admin\AppData\Local\Temp\82592d3a83f32ce7b85dd5ead270f8d2.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4988
    • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
      "C:\Users\Admin\AppData\Local\Temp\szgfw.exe"
      2⤵
      • Executes dropped EXE
      PID:2008

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
    Filesize

    13KB

    MD5

    2cd3dba4b6f5e3bb2af755b71ea9c924

    SHA1

    fe880709425eb65c9250a03722dfe7dcdccd8f1a

    SHA256

    13fead3786e0c4d4b8137c6d3dea7061ed9a22c3f8fcc6d17ffdfce2673ff35e

    SHA512

    d0e2fbfc4a3af95edebb374d47f8c887fef6a42144281e5ebdeb7558d705a835d25f4e4e7e8cfd53965cd9e273daf21bcb3f348837f4bea37e9cc346897d6c2d

    Download Submit