Overview

overview

10

Static

static

3

8f8103ff4f...a6.exe

windows7-x64

10

8f8103ff4f...a6.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-03-2024 23:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8f8103ff4f1d6a3fc4806f5df3172b3f1e98cb4aebbb50e2faa29f2d73aa27a6.exe

  • Size

    65KB

  • MD5

    9ad747d9089ac73c418ca3436ff6822f

  • SHA1

    3117ea00ed5cb6f2dd6510a525f3dd3caef5e334

  • SHA256

    8f8103ff4f1d6a3fc4806f5df3172b3f1e98cb4aebbb50e2faa29f2d73aa27a6

  • SHA512

    72f9874f4909a09811c11d490aeda8710cb8effc38ba9359ef6a035e48cb3805ce0a83fd67d4587dfa227a385cfc997fa22704025899c1dd920c2bc0a73fc60d

  • SSDEEP

    1536:5Y9jw/dUT62rGdiUOWWrMffJ+AxM+I+ceWgP/Sez:5Y9CUT62/UOVMffJ+AW+I+cw

Score
10/10
upatredownloader

Malware Config

Signatures

  • Upatre

    Upatre is a generic malware downloader.

    downloaderupatre
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8f8103ff4f1d6a3fc4806f5df3172b3f1e98cb4aebbb50e2faa29f2d73aa27a6.exe
    "C:\Users\Admin\AppData\Local\Temp\8f8103ff4f1d6a3fc4806f5df3172b3f1e98cb4aebbb50e2faa29f2d73aa27a6.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:116
    • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
      "C:\Users\Admin\AppData\Local\Temp\szgfw.exe"
      2⤵
      • Executes dropped EXE
      PID:2836

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
    Filesize

    66KB

    MD5

    330dee5fb329bda488aa13748a015013

    SHA1

    9fe89d3d825b9d1987bf101f1f1dcad38c99e9bd

    SHA256

    0e2d3f4017797b634d377ca6af85e08a6716d2f089f991f30af8ae8710d943fb

    SHA512

    3823b6797dede0e53047e3d13cc31003fe9fd89d5f7da7fad19b2938ca3dd63184b07624bccbc1ad134b317535b4659aaa8cc2e9879e76405e2a9743ec264d9b

    Download Submit

  • memory/116-1-0x0000000000680000-0x0000000000681000-memory.dmp

    Filesize

    4KB

    Download

  • memory/116-9-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/2836-10-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download