a1ea988c9b8bb71be31da72660d3ec18babe7b8aed1101d03ab62c0c037a6c87 | Triage

Submit
Reports

Overview

overview

Static

static

7

04c6edff90...6f.exe

windows7-x64

04c6edff90...6f.exe

windows10-2004-x64

Sharing

General

Target

04c6edff9076cefcc036da59a349bf6f
Size

242KB
Sample

231229-1mf7gabbc7
MD5

04c6edff9076cefcc036da59a349bf6f
SHA1

a68cf988973fb17bb6e05803563dc4308735a611
SHA256

a1ea988c9b8bb71be31da72660d3ec18babe7b8aed1101d03ab62c0c037a6c87
SHA512

040376b7ade6f4a94d4c1d1e000a032367df90475bcc95a698370acc7cfff5b86d3c758932ee25ac7642f9b1cf25116d964aff9171f79e54922b625d0a6e7960
SSDEEP

6144:bYpSnN1sLYGShjWWrUNKnUiyPZ+QQieWB6CFlH4/F5uQiOB:bYpSN1Eni2iyZ+SPFq9AQiOB

Score

10^/10

persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

04c6edff9076cefcc036da59a349bf6f.exe

Resource

win7-20231129-en

persistence upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

04c6edff9076cefcc036da59a349bf6f.exe

Resource

win10v2004-20231222-en

persistence upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  04c6edff9076cefcc036da59a349bf6f
- Size
  
  242KB
- MD5
  
  04c6edff9076cefcc036da59a349bf6f
- SHA1
  
  a68cf988973fb17bb6e05803563dc4308735a611
- SHA256
  
  a1ea988c9b8bb71be31da72660d3ec18babe7b8aed1101d03ab62c0c037a6c87
- SHA512
  
  040376b7ade6f4a94d4c1d1e000a032367df90475bcc95a698370acc7cfff5b86d3c758932ee25ac7642f9b1cf25116d964aff9171f79e54922b625d0a6e7960
- SSDEEP
  
  6144:bYpSnN1sLYGShjWWrUNKnUiyPZ+QQieWB6CFlH4/F5uQiOB:bYpSN1Eni2iyZ+SPFq9AQiOB
Score

10^/10

persistence upx
- Modifies WinLogon for persistence
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy