Overview

overview

10

Static

static

3

9754ed1850...2c.exe

windows7-x64

10

9754ed1850...2c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9754ed1850613133670ce6744da7bf2c

  • Size

    304KB

  • Sample

    240212-regctshc46

  • MD5

    9754ed1850613133670ce6744da7bf2c

  • SHA1

    5f6a5ee9f74fee0a69a96ee68b43ac1f06279bcf

  • SHA256

    d0024fbc2f166639aab20236e9fad73d58c7579a13921db27ba2902290f81c1d

  • SHA512

    fa6a95fb66bb9539aee13e7f5aae044ce966cabc5d0e68f3948337bc123b6f14664999c1d2a08b8f4a0919a57e1d80b00f3dfd1a2f5c585107f78f36381859d9

  • SSDEEP

    6144:ascPtZKAWVNHZ2iSgSVn5+7jIdUDETTq7xPRU3P:rMoVNHZ1vSVI78dfaNPRWP

Score
10/10
evasionpersistenceupx

Malware Config

Targets

    • Target

      9754ed1850613133670ce6744da7bf2c

    • Size

      304KB

    • MD5

      9754ed1850613133670ce6744da7bf2c

    • SHA1

      5f6a5ee9f74fee0a69a96ee68b43ac1f06279bcf

    • SHA256

      d0024fbc2f166639aab20236e9fad73d58c7579a13921db27ba2902290f81c1d

    • SHA512

      fa6a95fb66bb9539aee13e7f5aae044ce966cabc5d0e68f3948337bc123b6f14664999c1d2a08b8f4a0919a57e1d80b00f3dfd1a2f5c585107f78f36381859d9

    • SSDEEP

      6144:ascPtZKAWVNHZ2iSgSVn5+7jIdUDETTq7xPRU3P:rMoVNHZ1vSVI78dfaNPRWP

    Score
    10/10
    evasionpersistenceupx

    • Modifies firewall policy service

      evasion

    • Nirsoft

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks