Analysis
max time kernel: 149s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04-03-2024 22:08
Static task: static1
Behavioral task: behavioral1
  Sample: 8209f6fd6592c2e6caae067f298e60308744be083a88086cb67f14cd597bf850.exe
  Resource: win7-20240220-en
Behavioral task: behavioral2
  Sample: 8209f6fd6592c2e6caae067f298e60308744be083a88086cb67f14cd597bf850.exe
  Resource: win10v2004-20240226-en
General
Target: 8209f6fd6592c2e6caae067f298e60308744be083a88086cb67f14cd597bf850.exe
Size: 71KB
MD5: 53353165d38877ba3d3e56828b7275b2
SHA1: e96e5242d4c0f224365d4f8592f200bad4ac2474
SHA256: 8209f6fd6592c2e6caae067f298e60308744be083a88086cb67f14cd597bf850
SHA512: 8c03615d0d0c5740ce5069706c19e44432dd745a8977c2bc318b3f4f2b83ee321c89cddce7471204af956ef4f9f74fc1708b5cc9c856e3d9f3aeb69e55f8d477
SSDEEP: 1536:vCWDKUlsCZD1mh8txVQnlRIFYK4Ncp1wDLqkw:6hjTm
Malware Config
Signatures

Upatre
Upatre is a generic malware downloader.

Checks computer location settings (2 TTPs, 1 IoC)
Looks up country code configured in the registry, likely geofence.
  description: Key value queried
  ioc: \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation
  Process: 8209f6fd6592c2e6caae067f298e60308744be083a88086cb67f14cd597bf850.exe

Executes dropped EXE (1 IoC)
  pid: 312
  Process: szgfw.exe

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (3 IoCs)
  description                      pid   Process                                                                 procid_target
  PID 4516 wrote to memory of 312  4516  8209f6fd6592c2e6caae067f298e60308744be083a88086cb67f14cd597bf850.exe  90
  PID 4516 wrote to memory of 312  4516  8209f6fd6592c2e6caae067f298e60308744be083a88086cb67f14cd597bf850.exe  90
  PID 4516 wrote to memory of 312  4516  8209f6fd6592c2e6caae067f298e60308744be083a88086cb67f14cd597bf850.exe  90
Processes

C:\Users\Admin\AppData\Local\Temp\8209f6fd6592c2e6caae067f298e60308744be083a88086cb67f14cd597bf850.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\8209f6fd6592c2e6caae067f298e60308744be083a88086cb67f14cd597bf850.exe"
  PID: 4516
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\szgfw.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\szgfw.exe"
    PID: 312
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 71KB
MD5: d7436e8eba176d303a11b4ffede36c1e
SHA1: 210b78ca4a5623619c34f6b2723404c50704c1da
SHA256: 384d585a64b3ddd42f372dcbddb956f8f3ca5d0b0710c8df15bc220cfc220536
SHA512: 74df0e9537ae5a16356cf36d29990b20b546dea2086765a5bf0896d799054ce222736a1c6c7382f91fc04bf441eca3495962a061160527dda8ae22aef64a81e2