Overview

overview

8

Static

static

3

7562a8f108...7f.exe

windows7-x64

8

7562a8f108...7f.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    7562a8f108271b96994b95ea35494f7f.exe

  • Size

    291KB

  • Sample

    240523-gr2t7afh6w

  • MD5

    7562a8f108271b96994b95ea35494f7f

  • SHA1

    42bf054fd00311f2a47f89c0c1d5674ff485ac71

  • SHA256

    0eda07e22619ffa11c789a1ebf945d8f8510a210dc7b1c898a9a09e706ad4b4c

  • SHA512

    e43076d160b33bd26845f7144e848b729d5fd329045835ced8d715dbcaff3fc0ca3bfad3f736a467c2835517fd548eee4aca8ec30a8655ec79777d5628e54259

  • SSDEEP

    3072:1+eBqhy50T5gwq/8sAwoEHXfwaNVM+/ORSs5G2Ms4T6TFZbpBNjQiyMbS7BAC3ZJ:1/TUsAOfD++/x6JHvyf7BAUj8

Score
8/10
discoveryexecutionexploitpersistenceupx

Malware Config

Targets

    • Target

      7562a8f108271b96994b95ea35494f7f.exe

    • Size

      291KB

    • MD5

      7562a8f108271b96994b95ea35494f7f

    • SHA1

      42bf054fd00311f2a47f89c0c1d5674ff485ac71

    • SHA256

      0eda07e22619ffa11c789a1ebf945d8f8510a210dc7b1c898a9a09e706ad4b4c

    • SHA512

      e43076d160b33bd26845f7144e848b729d5fd329045835ced8d715dbcaff3fc0ca3bfad3f736a467c2835517fd548eee4aca8ec30a8655ec79777d5628e54259

    • SSDEEP

      3072:1+eBqhy50T5gwq/8sAwoEHXfwaNVM+/ORSs5G2Ms4T6TFZbpBNjQiyMbS7BAC3ZJ:1/TUsAOfD++/x6JHvyf7BAUj8

    Score
    8/10
    discoveryexecutionexploitpersistenceupx

    • Creates new service(s)

      persistenceexecution

    • Possible privilege escalation attempt

      exploit

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks