c7983f58c6011aec5ace1bdad451df52b7493ff57e82e715280c9c9f3d6572b5 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

b49256c727...ab.exe

windows7-x64

7

b49256c727...ab.exe

windows10-2004-x64

7

Sharing

General

Target

b49256c727936033ed81e85be64182ab
Size

240KB
Sample

240305-ndkgbadd71
MD5

b49256c727936033ed81e85be64182ab
SHA1

2c7a17eb04492d3e84b76c92d01885dd725a1792
SHA256

c7983f58c6011aec5ace1bdad451df52b7493ff57e82e715280c9c9f3d6572b5
SHA512

592d3426d7360e4b01ead6c5523d88eb6774c092e7ff2ca9fe3801b621852e39ff3cb417f13da37daa3c5cc7e858e35b4cbd493b39c55a7924512b8270b28d24
SSDEEP

3072:mh/xupFZLe8irTEKOFXQSbOqyWT+Ehr1j00aKjNupjKibhpLeOWQvqmV+S6qsQKf:DzfFXQgOrWimr1jdajhfeKq6s5M8//

Score

7^/10

persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b49256c727936033ed81e85be64182ab.exe

Resource

win7-20240221-en

persistence upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

b49256c727936033ed81e85be64182ab.exe

Resource

win10v2004-20240226-en

persistence upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  b49256c727936033ed81e85be64182ab
- Size
  
  240KB
- MD5
  
  b49256c727936033ed81e85be64182ab
- SHA1
  
  2c7a17eb04492d3e84b76c92d01885dd725a1792
- SHA256
  
  c7983f58c6011aec5ace1bdad451df52b7493ff57e82e715280c9c9f3d6572b5
- SHA512
  
  592d3426d7360e4b01ead6c5523d88eb6774c092e7ff2ca9fe3801b621852e39ff3cb417f13da37daa3c5cc7e858e35b4cbd493b39c55a7924512b8270b28d24
- SSDEEP
  
  3072:mh/xupFZLe8irTEKOFXQSbOqyWT+Ehr1j00aKjNupjKibhpLeOWQvqmV+S6qsQKf:DzfFXQgOrWimr1jdajhfeKq6s5M8//
Score

7^/10

persistence upx
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy