Analysis
- max time kernel: 149s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 17-03-2024 02:39
Static task: static1
Behavioral task: behavioral1
- Sample: cfb689cffbeca7ceaffdac627b209c13.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: cfb689cffbeca7ceaffdac627b209c13.exe
- Resource: win10v2004-20240226-en
General
- Target: cfb689cffbeca7ceaffdac627b209c13.exe
- Size: 11KB
- MD5: cfb689cffbeca7ceaffdac627b209c13
- SHA1: 7d37df83a837496f45a8b85f0a37ca3c9a8236c3
- SHA256: 275e0eec0743473456e95b590997945f76fad722bff15c2cd43bc2bb8a613c14
- SHA512: 9ca4726f84cfb592295c6da066c13eb89ba8dfc4c6fcc71aea16af26cc3d236c095a801833aa115e978581376aa8e68254520ce5ede30dcd835ad7a5dbc7b35b
- SSDEEP: 192:9mUWKs/RnKfzShH/JFxRmyja4QhiP7UlZSyGjpjWD7jqPlyjGwQ:6K+dKfzQHxFxRmyja4QhiP7UlY/pjK7W
Malware Config
Signatures
- Upatre
  Upatre is a generic malware downloader.
- Checks computer location settings (2 TTPs, 1 IoC)
  Looks up country code configured in the registry, likely geofence.
  description: Key value queried | ioc: \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation | Process: cfb689cffbeca7ceaffdac627b209c13.exe
- Executes dropped EXE (1 IoC)
  pid: 4256 | Process: szgfw.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 2152 wrote to memory of 4256 | pid: 2152 | Process: cfb689cffbeca7ceaffdac627b209c13.exe | procid_target: 91
  description: PID 2152 wrote to memory of 4256 | pid: 2152 | Process: cfb689cffbeca7ceaffdac627b209c13.exe | procid_target: 91
  description: PID 2152 wrote to memory of 4256 | pid: 2152 | Process: cfb689cffbeca7ceaffdac627b209c13.exe | procid_target: 91
Processes
- C:\Users\Admin\AppData\Local\Temp\cfb689cffbeca7ceaffdac627b209c13.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\cfb689cffbeca7ceaffdac627b209c13.exe"
  PID: 2152
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\szgfw.exe (depth 2)
    Command line: "C:\Users\Admin\AppData\Local\Temp\szgfw.exe"
    PID: 4256
    - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 11KB
  MD5: eb00cad8534e63c8152d530e06c09ded
  SHA1: 671fe3e019ba8599bf268bbb84b5e1b8c186622c
  SHA256: 05324c7e1d7095349d7158526759c2341ed854a2eaf7eff6291e739cfe5bb9a0
  SHA512: d2e579e5409560e9f65d1abd8e3165799bf29b56f8dfc4f716618be1fbae5a9c3292dd24301e6019c61dfdfbb69332c6a782a79e92d4766558bfd20b32d898a3