Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
02-03-2024 03:13
General
-
Target
edfe6d0d23b944497cbd72b5406b02a29889fa66ae26c08c9eead4db89598a5a.exe
-
Size
35KB
-
MD5
d34019b39f88fefaf2878c08d51a23eb
-
SHA1
31b4d002e3063f0642b5283beb74b7a9b4a0a799
-
SHA256
edfe6d0d23b944497cbd72b5406b02a29889fa66ae26c08c9eead4db89598a5a
-
SHA512
db24b7f6d30013842fe0ef5532059591b507f84cb6e2edaea9143e77ab31d68467e176bff068362e63a8ed444651d38bbb1da427e08323c4addfbf61adc4572b
-
SSDEEP
768:v+qAUVByyyNylXUylqylylmMxgMyXAN5IkSFlOxXmk/oghNMor4wmT3dNjgKjW9N:vNVrklhDur+ko
Malware Config
Signatures
-
Upatre
Upatre is a generic malware downloader.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\edfe6d0d23b944497cbd72b5406b02a29889fa66ae26c08c9eead4db89598a5a.exe"C:\Users\Admin\AppData\Local\Temp\edfe6d0d23b944497cbd72b5406b02a29889fa66ae26c08c9eead4db89598a5a.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\szgfw.exe"C:\Users\Admin\AppData\Local\Temp\szgfw.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
35KB
MD52eb6cede889265f7ca8f5a0f6a701594
SHA1aaaafe0c00225e9df1acd7873767697b9bf02a11
SHA2567ce5eefa44d572d1d5f5e4c20e1b8ec302a4b8c88e9bcd7eef444b089c7f70a4
SHA51269741fcf82595252c918f970ef788de6ca69b619d4db464b1e1b82b2c10e73aecbde07fb6b076eeef37b79c1c91207aea6e78a68af1fcc89a51ad5c44b726cb5