General

  • Target

    865db2674537673f27b8bc249b5163fa659575abd1b704bfcadf33ddf03bddea

  • Size

    1.4MB

  • Sample

    240309-3j7w5aea57

  • MD5

    41788b7c0463c6b7789e88fcf060c0c8

  • SHA1

    54afe07871fa00d361d80c10b253b06f94f627cb

  • SHA256

    865db2674537673f27b8bc249b5163fa659575abd1b704bfcadf33ddf03bddea

  • SHA512

    c5f458a7c609679cf9da402dce50f8f1a8a07eaeccf6953724b08812a25dcf8e89cbfcefd493af752c7cd3fa1151f23b9b81648e02ccbb29b786926075dc8182

  • SSDEEP

    24576:0kAF7wn+KpPy3xNoJ6ErkdNWDmSXSF+lVpocJ/XOG2VrEH7U:neQwdNWDmSBlVpocJ/XOG2r

Score
9/10

Malware Config

Targets

    • UPX dump on OEP (original entry point)

    • Blocklisted process makes network request

    • Modifies AppInit DLL entries

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks