Overview

overview

8

Static

static

7

779d1fae13...44.exe

windows7-x64

8

779d1fae13...44.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    779d1fae1316bee12a401c906b1d374a855a0f50e8d3f8a5f44391727905e444

  • Size

    6.7MB

  • Sample

    240521-rw9qpshd41

  • MD5

    51e40d7ff9be9fece988a37ab684c155

  • SHA1

    d02d8d7b79bb98d4dff5c6e5feb58955f637fda4

  • SHA256

    779d1fae1316bee12a401c906b1d374a855a0f50e8d3f8a5f44391727905e444

  • SHA512

    598676391cb0e55b74182d3a77332d0acc2201727a46e6182a0487bd4e0b9a6b67a184deb87c155d32c0d56e2671471f02104baa24f22bb5ad6d2b4c15f5aecb

  • SSDEEP

    196608:463+qS8Hy2Zx/2YgHh4aBE1jVdGXctRdXW:4qkWFZ927NE1jLGiR

Score
8/10
evasionexecutionpersistenceupx

Malware Config

Targets

    • Target

      779d1fae1316bee12a401c906b1d374a855a0f50e8d3f8a5f44391727905e444

    • Size

      6.7MB

    • MD5

      51e40d7ff9be9fece988a37ab684c155

    • SHA1

      d02d8d7b79bb98d4dff5c6e5feb58955f637fda4

    • SHA256

      779d1fae1316bee12a401c906b1d374a855a0f50e8d3f8a5f44391727905e444

    • SHA512

      598676391cb0e55b74182d3a77332d0acc2201727a46e6182a0487bd4e0b9a6b67a184deb87c155d32c0d56e2671471f02104baa24f22bb5ad6d2b4c15f5aecb

    • SSDEEP

      196608:463+qS8Hy2Zx/2YgHh4aBE1jVdGXctRdXW:4qkWFZ927NE1jLGiR

    Score
    8/10
    evasionexecutionpersistenceupx

    • Modifies Windows Firewall

      evasion

    • Sets file execution options in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Scheduled Task/Job

1
T1053

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Scheduled Task/Job

1
T1053

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Scheduled Task/Job

1
T1053

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Credential Access

Discovery

Peripheral Device Discovery

1
T1120

Query Registry

3
T1012

Remote System Discovery

1
T1018

System Information Discovery

3
T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks