7d03f826ddf005766a813d62e291c5f82b40a266620c65d24cee1d47a0346a62 | Triage

Submit
Reports

Overview

overview

Static

static

3

Pinaldi Ga...er.exe

windows10-2004-x64

Sharing

General

Target

Pinaldi Game Coppier.exe
Size

22.4MB
Sample

240424-vce9jade2w
MD5

ff6173ab650aa487d4f7421743730fca
SHA1

c4f59628fc7eb993014ad6441ea515ddcc11afb3
SHA256

7d03f826ddf005766a813d62e291c5f82b40a266620c65d24cee1d47a0346a62
SHA512

3051b1c5ccb0e9c73b2bbd8002edbea8363420363a628e0d01a86d7b5107eee507166472d7a578afd9d2acc560b4c2707864433bf731058343e08f38f1dd53f6
SSDEEP

393216:CbYDFYxmEos+icVY+IqDx3KCCV53n+L/XwPUsptAeNJiaPLtqa94wCGlzQorKDpk:CbYfjiuF8MrwttA23PV5l88KN

Score

10^/10

evasion pyinstaller upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Pinaldi Game Coppier.exe

Resource

win10v2004-20240412-en

evasion pyinstaller upx

windows10-2004-x64

25 signatures

150 seconds

Malware Config

Targets

- Target
  
  Pinaldi Game Coppier.exe
- Size
  
  22.4MB
- MD5
  
  ff6173ab650aa487d4f7421743730fca
- SHA1
  
  c4f59628fc7eb993014ad6441ea515ddcc11afb3
- SHA256
  
  7d03f826ddf005766a813d62e291c5f82b40a266620c65d24cee1d47a0346a62
- SHA512
  
  3051b1c5ccb0e9c73b2bbd8002edbea8363420363a628e0d01a86d7b5107eee507166472d7a578afd9d2acc560b4c2707864433bf731058343e08f38f1dd53f6
- SSDEEP
  
  393216:CbYDFYxmEos+icVY+IqDx3KCCV53n+L/XwPUsptAeNJiaPLtqa94wCGlzQorKDpk:CbYfjiuF8MrwttA23PV5l88KN
Score

10^/10

evasion pyinstaller upx
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Stops running service(s)
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

evasionpyinstallerupx

© 2018-2024

Terms | Privacy