upatre | 9430ee1ba0e46a04492d17df2098d87bc22c72d94d21ddb2ba53b4df25f5bc67

Analysis

max time kernel
7s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
08-01-2024 20:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d1149138f6ab23de1e62655a28f420f8.exe
Size

134KB
MD5

d1149138f6ab23de1e62655a28f420f8
SHA1

84266c0b84bcf2503af8994064993b3381f184f5
SHA256

9430ee1ba0e46a04492d17df2098d87bc22c72d94d21ddb2ba53b4df25f5bc67
SHA512

d8816d994ed099124a54b747ad3790cbc5a14997445c41bb117b4821a2d6b6b14c5cb7692bfa4945556f5c27123fef44ca2c8dde242a02a61ccde4df7b575fad
SSDEEP

3072:tY9CUT62/UOVMgJsgJMgJogJwgJ0zqgJ01J3RgJ01JygJ01JK8gJ01JK2gJ01JKL:tY9C8QyFJlJFJRJZJqJyJ3CJyJbJyJW7

Score

10^/10

upatre downloader

Malware Config

Signatures

Upatre
Upatre is a generic malware downloader.
downloader upatre
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\d1149138f6ab23de1e62655a28f420f8.exe
"C:\Users\Admin\AppData\Local\Temp\d1149138f6ab23de1e62655a28f420f8.exe"
1⤵
PID:2376
- C:\Users\Admin\AppData\Local\Temp\szgfw.exe
  "C:\Users\Admin\AppData\Local\Temp\szgfw.exe"
  2⤵
  PID:1260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\szgfw.exe

Filesize
19KB

MD5
b64d04e33d1d42d48c65ec2dea7dd675

SHA1
0942a16f4b525916111748ac3721a6e8a690aaff

SHA256
905d2688e91a4bb5767026d80420eecd75c8fc552be60424d68d595293a72fdf

SHA512
c7f880457d0ff696e22bdd84470819848c0b4d17d68f0eb32343cd1a92a1195f2d43e4e188010b035c7c8f1303a68a57654128ed9f8196a39b1834986f8a42f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\szgfw.exe

Filesize
10KB

MD5
ca25335669bd784350584d92a3904d14

SHA1
fcfb347c01badf1f765ba0d0aa9c9c032d25e38c

SHA256
ef0e66cf67314f5467e2a88ad8f5cb405a35fa3d9189f34a0bd6dbfc55c643b3

SHA512
be8fe81ee133058b14ff80582ef41293f340497514e5f34dd0086bf15f7e1afdbe834fb9442561d8f1daff36584b172490a9daace84d70a13a0949e448b47293

Download Submit
C:\Users\Admin\AppData\Local\Temp\szgfw.exe

Filesize
1KB

MD5
cb1d38467829674da6243698f5d768f7

SHA1
d223a597ca8057995712435f8d2daf830214a612

SHA256
293b4d2f1fa808cc3a09f45702107d2f1c0d6f65239de0d99b090e85b9c469d2

SHA512
d4ff90d9b6ce1671d58534542548532c233f3e184f0c6c1cb04801b250a265d8e96ca25631dab49cb7faf0616884b625c92e3e6017a3c35f76cddc1a43f9bb95

Download Submit
\Users\Admin\AppData\Local\Temp\szgfw.exe

Filesize
21KB

MD5
b64ed421c7d33cee359a8aa690d4eef3

SHA1
648e703daf8fb1b12017fccb31c0d0ea09b00fa5

SHA256
05e94dc87310a307910ef90320848c6c2ce0a98151760858129469ca844e3519

SHA512
c3283bcd240f9d4ec0a3c4a12878570fd86997de3b98e0f57e9f57f229394a6d07a1915135220036420c1cdf40f81ed46c9feb37b0fb649de524741f319910f3

Download Submit
memory/2376-0-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2376-2-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2376-12-0x0000000003390000-0x00000000033B6000-memory.dmp

Filesize
152KB

Download
memory/2376-11-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download