d03b466887d59a3c98ae312c7f317e998a73c7212a78391e859c95bd981c992a | Triage

Submit
Reports

Overview

overview

Static

static

3

d03b466887...2a.exe

windows7-x64

d03b466887...2a.exe

windows10-2004-x64

Sharing

General

Target

d03b466887d59a3c98ae312c7f317e998a73c7212a78391e859c95bd981c992a
Size

1.5MB
Sample

240425-d456laeg51
MD5

13c291a51303cb5b0d165e16fb16adbf
SHA1

67770e925c3f03212afdbdf20e84a7de8d682465
SHA256

d03b466887d59a3c98ae312c7f317e998a73c7212a78391e859c95bd981c992a
SHA512

b2064b2ee4bdd4ac1bc8a3b1ba49c3cd359c098100ebf0ffe55566cb920478a806758a536b53b5216e66fdb2207d1df5ca2ff850a4ea23afc3941f81701205d1
SSDEEP

12288:wHZVm/7ePnv+TWM+6+xTGzgFA+u/x8acJdPACFFbLFi8cj5UQbM72voL:2v+NWu/adRYj5UQO5

Score

10^/10

evasion persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d03b466887d59a3c98ae312c7f317e998a73c7212a78391e859c95bd981c992a.exe

Resource

win7-20240221-en

evasion persistence upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

d03b466887d59a3c98ae312c7f317e998a73c7212a78391e859c95bd981c992a.exe

Resource

win10v2004-20240412-en

evasion persistence upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  d03b466887d59a3c98ae312c7f317e998a73c7212a78391e859c95bd981c992a
- Size
  
  1.5MB
- MD5
  
  13c291a51303cb5b0d165e16fb16adbf
- SHA1
  
  67770e925c3f03212afdbdf20e84a7de8d682465
- SHA256
  
  d03b466887d59a3c98ae312c7f317e998a73c7212a78391e859c95bd981c992a
- SHA512
  
  b2064b2ee4bdd4ac1bc8a3b1ba49c3cd359c098100ebf0ffe55566cb920478a806758a536b53b5216e66fdb2207d1df5ca2ff850a4ea23afc3941f81701205d1
- SSDEEP
  
  12288:wHZVm/7ePnv+TWM+6+xTGzgFA+u/x8acJdPACFFbLFi8cj5UQbM72voL:2v+NWu/adRYj5UQO5
Score

10^/10

evasion persistence upx
- Modifies firewall policy service
  evasion
- UPX dump on OEP (original entry point)
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2024

Terms | Privacy