Analysis

  • max time kernel
    149s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags
    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    08-01-2024 03:59

General

  • Target

    4a61ca6334783c85f5261248aa9f5e87.exe

  • Size

    12KB

  • MD5

    4a61ca6334783c85f5261248aa9f5e87

  • SHA1

    d58958581da5d921e75d4363bf07b8f5379baacc

  • SHA256

    30f5d6c170e38ace0537092caddf08a2a39139ea636d82a18266ab7b5f111731

  • SHA512

    41ab818586ffd4df8b30b551dc00485fac40736fd7a6e76188f9c2ba05afbd63e6185af27e1b06b97e4718e9aec0ab89846debcd13b69df474dd1859472185a8

  • SSDEEP

    384:6K+dKfzQHxFxRmyja4QhiP7UlY/pjKkFlplVDuyY:v+dAURFxna4QAPQlYgkFlplVDuyY

Score
10/10

Malware Config

Signatures

  • Upatre

    Upatre is a generic malware downloader.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a61ca6334783c85f5261248aa9f5e87.exe
    "C:\Users\Admin\AppData\Local\Temp\4a61ca6334783c85f5261248aa9f5e87.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
      "C:\Users\Admin\AppData\Local\Temp\szgfw.exe"
      2⤵
      • Executes dropped EXE
      PID:2660

Network

MITRE ATT&CK Enterprise v15

Downloads

  • \Users\Admin\AppData\Local\Temp\szgfw.exe

    Filesize

    12KB

    MD5

    1162f7e41418049e0e980078dbdde786

    SHA1

    baf7eccef61672d1f09a329eb1e4ac6b6fab5408

    SHA256

    c633a64848716c60fd0f3074e47c1d10a6916dc32bf6aa0ca0ebe8833047ccd4

    SHA512

    6e839e983c8a734e910cc950372b1c088b2e4541641b2baed504eca25da67b68883b60711828f6e9836a7141b875044d5c4578a1cd72330839b22c2b9e1b2ea5