Overview

overview

8

Static

static

3

72929dc9cd...a6.exe

windows7-x64

7

72929dc9cd...a6.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    72929dc9cd7ff04c903459f70d0756a6.exe

  • Size

    1.9MB

  • Sample

    240520-j1jq3sbf6x

  • MD5

    72929dc9cd7ff04c903459f70d0756a6

  • SHA1

    ecc70471eec1491257d0b954e92484a666b15a81

  • SHA256

    534b0503426f82746a3b5b8588e8c98312230c2e41979190638416d86a67009c

  • SHA512

    1bfb064e45d906fd6fa7c75f3a32cb4a27cb32f3dd3564334d6573d5430e465d6929a1330905f42c81bb538976cccc7c9e10ed60e36b1884e12c797720983d47

  • SSDEEP

    49152:QGJTeLOqwizFY/f1QRv41eaTNGC0Y8ZxMjI6IeLH3q:T1wOqwMY/Kv41VfBJj

Score
8/10
discoverypersistenceupx

Malware Config

Targets

    • Target

      72929dc9cd7ff04c903459f70d0756a6.exe

    • Size

      1.9MB

    • MD5

      72929dc9cd7ff04c903459f70d0756a6

    • SHA1

      ecc70471eec1491257d0b954e92484a666b15a81

    • SHA256

      534b0503426f82746a3b5b8588e8c98312230c2e41979190638416d86a67009c

    • SHA512

      1bfb064e45d906fd6fa7c75f3a32cb4a27cb32f3dd3564334d6573d5430e465d6929a1330905f42c81bb538976cccc7c9e10ed60e36b1884e12c797720983d47

    • SSDEEP

      49152:QGJTeLOqwizFY/f1QRv41eaTNGC0Y8ZxMjI6IeLH3q:T1wOqwMY/Kv41VfBJj

    Score
    8/10
    persistenceupxdiscovery

    • Contacts a large (647) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks