e2909ffd5525f16ed386b9ac74de8e11c60ae02f27df89b8f4fad4f0d02280be | Triage

Sharing

General

Target

c7c7a4050f69dda819196e202561884a
Size

357KB
Sample

240314-fxg7asdf74
MD5

c7c7a4050f69dda819196e202561884a
SHA1

b45605edd71324ffc7f4152868764d2c487c675a
SHA256

e2909ffd5525f16ed386b9ac74de8e11c60ae02f27df89b8f4fad4f0d02280be
SHA512

90a9c3aeacf9c2ddcb685cca9718b4a344b5cc1a8cdfc01b3628acf3c6a6bd83a1a8c83f0f57e549d79478df399d786d26efab63824d24ccafdfbd9470904b45
SSDEEP

6144:KlP5X7/6GFS8bDIIBCaX4eH99JVUn2ZAwYpuqfEz+Pn08/bqczzsVIvO0b:GyG1bkkCaX4UdAIAJp3Ez+PnbzMIm0b

Score

8^/10

persistence upx

Malware Config

Targets

- Target
  
  c7c7a4050f69dda819196e202561884a
- Size
  
  357KB
- MD5
  
  c7c7a4050f69dda819196e202561884a
- SHA1
  
  b45605edd71324ffc7f4152868764d2c487c675a
- SHA256
  
  e2909ffd5525f16ed386b9ac74de8e11c60ae02f27df89b8f4fad4f0d02280be
- SHA512
  
  90a9c3aeacf9c2ddcb685cca9718b4a344b5cc1a8cdfc01b3628acf3c6a6bd83a1a8c83f0f57e549d79478df399d786d26efab63824d24ccafdfbd9470904b45
- SSDEEP
  
  6144:KlP5X7/6GFS8bDIIBCaX4eH99JVUn2ZAwYpuqfEz+Pn08/bqczzsVIvO0b:GyG1bkkCaX4UdAIAJp3Ez+PnbzMIm0b
Score

8^/10

persistence upx
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2