Analysis
max time kernel
179s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags
arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted
21-12-2023 22:52
Static task
static1
Behavioral task
behavioral1
Sample
1bb33b08beabb8334d2b11ac1110d0a1.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
1bb33b08beabb8334d2b11ac1110d0a1.exe
Resource
win10v2004-20231215-en
General
Target
1bb33b08beabb8334d2b11ac1110d0a1.exe
Size
12KB
MD5
1bb33b08beabb8334d2b11ac1110d0a1
SHA1
0d5bdb5946b38137834c0bd1d0a18a9a5fa5c245
SHA256
cf3b79d8e19b0dac62dc2015c86cc93a37e0a96f7b5562eed17a2b8dc0c3723e
SHA512
e6c45d2b276248af0f23c1c9ec59f41041f974fd669b685c350583b6c30020ef3eedcfe48b8063afdd2fc224a6a6e254950ad73b4e1290e980ac5adbc6eda7a1
SSDEEP
384:6K+dKfzQHxFxRmyja4QhiP7UlY/pjKkFlplVDzylQ:v+dAURFxna4QAPQlYgkFlplVDzylQ
Malware Config
Signatures
Upatre
Upatre is a generic malware downloader.

Checks computer location settings (2 TTPs, 1 IoC)
Looks up the country code configured in the registry (the numeric GeoID stored under Control Panel\International\Geo\Nation), likely a geofence so the payload only runs in or outside chosen countries.
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\Control Panel\International\Geo\Nation | 1bb33b08beabb8334d2b11ac1110d0a1.exe

Executes dropped EXE (1 IoC)
pid | Process
4588 | szgfw.exe

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (3 IoCs)
Three separate writes from the submitted sample into the memory of its child process (the dropped szgfw.exe).
description | pid | Process | procid_target
PID 3704 wrote to memory of 4588 | 3704 | 1bb33b08beabb8334d2b11ac1110d0a1.exe | 91
PID 3704 wrote to memory of 4588 | 3704 | 1bb33b08beabb8334d2b11ac1110d0a1.exe | 91
PID 3704 wrote to memory of 4588 | 3704 | 1bb33b08beabb8334d2b11ac1110d0a1.exe | 91
Processes
C:\Users\Admin\AppData\Local\Temp\1bb33b08beabb8334d2b11ac1110d0a1.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\1bb33b08beabb8334d2b11ac1110d0a1.exe"
  PID: 3704
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\szgfw.exe
      command line: "C:\Users\Admin\AppData\Local\Temp\szgfw.exe"
      PID: 4588
      - Executes dropped EXE
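The three signatures above (geofence registry check, execution of a dropped EXE from the same Temp directory, and the parent writing into that child's memory) are individually weak but together describe a downloader's loader chain. The following is an added example, not part of this sandbox report or its analysis engine: detection logic that replays a constructed, simplified event stream modelled on the IoCs above and correlates the three behaviours per parent process. The event dictionaries, their field names, and the file_create event for szgfw.exe are assumptions (the report lists the dropped file but not the write that dropped it); map your EDR or Sysmon fields onto them.

```python
"""Correlate geofence check + dropped-EXE execution + WriteProcessMemory into
the child, over a stream of process-telemetry events.

Added example, not part of the sandbox report. Event shape is a constructed
simplification (an assumption); adapt field names to your telemetry.
"""
import re
from collections import defaultdict

# Key the sample queried; the trailing part is stable across user SIDs.
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)

SAMPLE_EVENTS = [  # constructed, modelled on the IoCs in the report
    {"type": "process_create", "pid": 3704, "ppid": 1234,
     "image": r"C:\Users\Admin\AppData\Local\Temp\1bb33b08beabb8334d2b11ac1110d0a1.exe"},
    {"type": "registry_query", "pid": 3704,
     "key": r"\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000"
            r"\Control Panel\International\Geo\Nation"},
    # assumed drop event: the report shows the file executed, not written
    {"type": "file_create", "pid": 3704, "path": r"C:\Users\Admin\AppData\Local\Temp\szgfw.exe"},
    {"type": "process_create", "pid": 4588, "ppid": 3704,
     "image": r"C:\Users\Admin\AppData\Local\Temp\szgfw.exe"},
    {"type": "write_process_memory", "pid": 3704, "target_pid": 4588},
    {"type": "write_process_memory", "pid": 3704, "target_pid": 4588},
    {"type": "write_process_memory", "pid": 3704, "target_pid": 4588},
    # benign control: no geofence check, nothing dropped, no cross-process writes
    {"type": "process_create", "pid": 5000, "ppid": 1234, "image": r"C:\Windows\explorer.exe"},
    {"type": "process_create", "pid": 5001, "ppid": 5000, "image": r"C:\Windows\System32\notepad.exe"},
]


def analyse(events):
    """Return (findings, chains).

    findings: list of (signature, pid, detail), one entry per signature hit
    chains:   parent pids that showed all three behaviours against one child,
              the pattern the report's process tree shows
    """
    image, parent = {}, {}
    written = defaultdict(set)            # pid -> lower-cased paths it created
    geo_pids = set()
    writes = defaultdict(int)             # (writer_pid, target_pid) -> count
    dropped_by = {}                       # child pid -> pid that wrote its image

    for e in events:
        t = e["type"]
        if t == "process_create":
            image[e["pid"]], parent[e["pid"]] = e["image"], e["ppid"]
            # "executes dropped EXE": the image was written earlier in this run
            for dropper, paths in written.items():
                if e["image"].lower() in paths:
                    dropped_by[e["pid"]] = dropper
        elif t == "file_create":
            written[e["pid"]].add(e["path"].lower())
        elif t == "registry_query" and GEO_NATION_RE.search(e["key"]):
            geo_pids.add(e["pid"])
        elif t == "write_process_memory" and e["pid"] != e["target_pid"]:
            writes[(e["pid"], e["target_pid"])] += 1

    findings = [("checks_computer_location", pid, None) for pid in sorted(geo_pids)]
    findings += [("executes_dropped_exe", child, image[child]) for child in sorted(dropped_by)]
    findings += [("suspicious_write_process_memory", w, (t, n))
                 for (w, t), n in sorted(writes.items())]

    # Full chain: one process did the geo check, dropped the child and wrote into it.
    chains = sorted(
        dropper for child, dropper in dropped_by.items()
        if dropper in geo_pids and writes.get((dropper, child), 0) > 0
    )
    return findings, chains


if __name__ == "__main__":
    found, chained = analyse(SAMPLE_EVENTS)
    for f in found:
        print(f)
    print("full downloader chain seen in pids:", chained)
```

The per-signature findings reproduce what the report lists; the `chains` result is the higher-confidence alert, since a benign installer may drop and run a helper without ever reading Geo\Nation or writing into the child's address space.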
Network
MITRE ATT&CK Enterprise v15
Downloads
Artifact from the run (its hashes differ from those of the submitted sample above, so it is not a byte-identical copy despite the matching 12KB size).
Filesize
12KB
MD5
02107f4c9b0b5cc55102075cb62613a9
SHA1
5f5cc32afce30ab3edd3ab9338894f2dec2623b8
SHA256
79f99d22cf938849016e05e213f37d83da033204d0f54e2fbbe170b65cea484e
SHA512
39003ac4e3622affbd3bdccb7348f89fe64a9dc0a71af30c1bf3371245280b637f2e6293753ff523fbdb5ffc885847062d2c438f16ade1c970624229d96029e7