e6de332ad778f7a7cf160efa60656c3ac960dc77806905493d5cffe58ee1de16 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

cryptolaemus

windows10-2004-x64

8

cryptolaemus

windows11-21h2-x64

8

Sharing

General

Target

e6de332ad778f7a7cf160efa60656c3ac960dc77806905493d5cffe58ee1de16
Size

223KB
Sample

240522-lxedasbc5s
MD5

3955af54fbac1e43c945f447d92e4108
SHA1

53c5552c3649619e4e8c6a907b94573f47130fa4
SHA256

e6de332ad778f7a7cf160efa60656c3ac960dc77806905493d5cffe58ee1de16
SHA512

fa028a040a5f075296aebab7f63a59b6cbba32ee0964dfc08768396cc012ff5d861191e2478914d79d4a424c3bba110505a58b97376c44c716f0b1ea70551037
SSDEEP

3072:tneBqhy5aVLOwqI8sgwoEHXfwaNUM+/ORSs5G2Ms4f6TFZbhgvbUxzJ8Y:tETlsgOfDt+/V6JQO98

Score

8^/10

discovery execution exploit persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e6de332ad778f7a7cf160efa60656c3ac960dc77806905493d5cffe58ee1de16.exe

Resource

win10v2004-20240508-en

discovery execution exploit persistence upx

windows10-2004-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

e6de332ad778f7a7cf160efa60656c3ac960dc77806905493d5cffe58ee1de16.exe

Resource

win11-20240426-en

discovery execution exploit persistence upx

windows11-21h2-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  e6de332ad778f7a7cf160efa60656c3ac960dc77806905493d5cffe58ee1de16
- Size
  
  223KB
- MD5
  
  3955af54fbac1e43c945f447d92e4108
- SHA1
  
  53c5552c3649619e4e8c6a907b94573f47130fa4
- SHA256
  
  e6de332ad778f7a7cf160efa60656c3ac960dc77806905493d5cffe58ee1de16
- SHA512
  
  fa028a040a5f075296aebab7f63a59b6cbba32ee0964dfc08768396cc012ff5d861191e2478914d79d4a424c3bba110505a58b97376c44c716f0b1ea70551037
- SSDEEP
  
  3072:tneBqhy5aVLOwqI8sgwoEHXfwaNUM+/ORSs5G2Ms4f6TFZbhgvbUxzJ8Y:tETlsgOfDt+/V6JQO98
Score

8^/10

discovery execution exploit persistence upx
- Creates new service(s)
  persistence execution
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryexecutionexploitpersistenceupx

behavioral2

discoveryexecutionexploitpersistenceupx

© 2018-2024

Terms | Privacy