0eda07e22619ffa11c789a1ebf945d8f8510a210dc7b1c898a9a09e706ad4b4c | Triage

Submit
Reports

Overview

overview

8

Static

static

3

cryptolaemus

windows10-2004-x64

8

cryptolaemus

windows11-21h2-x64

8

Sharing

General

Target

0eda07e22619ffa11c789a1ebf945d8f8510a210dc7b1c898a9a09e706ad4b4c
Size

291KB
Sample

240521-kn2xkafa82
MD5

7562a8f108271b96994b95ea35494f7f
SHA1

42bf054fd00311f2a47f89c0c1d5674ff485ac71
SHA256

0eda07e22619ffa11c789a1ebf945d8f8510a210dc7b1c898a9a09e706ad4b4c
SHA512

e43076d160b33bd26845f7144e848b729d5fd329045835ced8d715dbcaff3fc0ca3bfad3f736a467c2835517fd548eee4aca8ec30a8655ec79777d5628e54259
SSDEEP

3072:1+eBqhy50T5gwq/8sAwoEHXfwaNVM+/ORSs5G2Ms4T6TFZbpBNjQiyMbS7BAC3ZJ:1/TUsAOfD++/x6JHvyf7BAUj8

Score

8^/10

discovery exploit upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0eda07e22619ffa11c789a1ebf945d8f8510a210dc7b1c898a9a09e706ad4b4c.exe

Resource

win10v2004-20240226-en

discovery exploit upx

windows10-2004-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

0eda07e22619ffa11c789a1ebf945d8f8510a210dc7b1c898a9a09e706ad4b4c.exe

Resource

win11-20240508-en

discovery exploit upx

windows11-21h2-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  0eda07e22619ffa11c789a1ebf945d8f8510a210dc7b1c898a9a09e706ad4b4c
- Size
  
  291KB
- MD5
  
  7562a8f108271b96994b95ea35494f7f
- SHA1
  
  42bf054fd00311f2a47f89c0c1d5674ff485ac71
- SHA256
  
  0eda07e22619ffa11c789a1ebf945d8f8510a210dc7b1c898a9a09e706ad4b4c
- SHA512
  
  e43076d160b33bd26845f7144e848b729d5fd329045835ced8d715dbcaff3fc0ca3bfad3f736a467c2835517fd548eee4aca8ec30a8655ec79777d5628e54259
- SSDEEP
  
  3072:1+eBqhy50T5gwq/8sAwoEHXfwaNVM+/ORSs5G2Ms4T6TFZbpBNjQiyMbS7BAC3ZJ:1/TUsAOfD++/x6JHvyf7BAUj8
Score

8^/10

discovery exploit upx
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryexploitupx

behavioral2

discoveryexploitupx

© 2018-2024

Terms | Privacy