Overview

overview

10

Static

static

3

feb5ae9193...b5.exe

windows7-x64

10

feb5ae9193...b5.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-03-2024 01:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    feb5ae9193cc3148179ee5db8a55544a8df4f82919c1cc67021b8a6a2b9534b5.exe

  • Size

    38KB

  • MD5

    595b0b743c505d0bb5ce4ae056c7e490

  • SHA1

    50ade3f5cce82177a99dea005f77da7d5d6220f1

  • SHA256

    feb5ae9193cc3148179ee5db8a55544a8df4f82919c1cc67021b8a6a2b9534b5

  • SHA512

    faaf7752009cc3e60043af39a9b4ad6a8e7ec5cac6cb0bce5e1b129269e92f9e1761c09dd8ff48ca13c7c724bfca313bba0d73349303f7b40fe28ddb6d08f670

  • SSDEEP

    768:kf1Y9RRw/dUT6vurGd/pkUOyGAv+rh95k5AY0I9jeIGvQ:GY9jw/dUT62rGdiUOWWrNmA8aa

Score
10/10
upatredownloader

Malware Config

Signatures

  • Upatre

    Upatre is a generic malware downloader.

    downloaderupatre
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\feb5ae9193cc3148179ee5db8a55544a8df4f82919c1cc67021b8a6a2b9534b5.exe
    "C:\Users\Admin\AppData\Local\Temp\feb5ae9193cc3148179ee5db8a55544a8df4f82919c1cc67021b8a6a2b9534b5.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2360
    • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
      "C:\Users\Admin\AppData\Local\Temp\szgfw.exe"
      2⤵
      • Executes dropped EXE
      PID:840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
    Filesize

    38KB

    MD5

    72bbc46a3f834a53300a042b46876229

    SHA1

    f501607bce2e55c7623fe0ef32c0ed18aaed9512

    SHA256

    84be50c9463e79d8320343ced4363dd72e7f0094e3787cd8afb4c86dd6501d70

    SHA512

    af803aea087c80ac0b164ee221fcbbe11ba59a44f2f2a6921800f82ea92df0ee69547d5ddf2f6fbc57d61c11130681ce8ec6566e963483baf7a041873a59f224

    Download Submit

  • memory/840-10-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2360-0-0x00000000005B0000-0x00000000005B1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2360-9-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download