a9eff40e794a3baa3c5afeb2c69af14a7d5e97d7f29ef28ac072c877ff145260 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

a9eff40e79...60.exe

windows7-x64

8

a9eff40e79...60.exe

windows10-2004-x64

7

Sharing

General

Target

a9eff40e794a3baa3c5afeb2c69af14a7d5e97d7f29ef28ac072c877ff145260
Size

229KB
Sample

240618-nlr65awbkj
MD5

7fe95da34596f0b9c8aeb965f5971724
SHA1

d884265e0ace1ad4561a1a80dfb2e042deb43956
SHA256

a9eff40e794a3baa3c5afeb2c69af14a7d5e97d7f29ef28ac072c877ff145260
SHA512

6ae5e259c39bf76ec8100a5df49b57785e05f6713f1ee30106f5c219db9956d966ef55285ad2608f6a46a620f2071f9c412b27cab4f410018d57a18e3603445d
SSDEEP

3072:UAt2Sm7m5oPeTOZQvfSERdX9Zk8AtB+alonPCHwiVSj5j2VR0d54yVIyO5hpGb/k:CS+ejRsB+BP/BV+UdvrEFp7hKOI8

Score

8^/10

persistence privilege_escalation upx

Static task

static1

Behavioral task

behavioral1

Sample

a9eff40e794a3baa3c5afeb2c69af14a7d5e97d7f29ef28ac072c877ff145260.exe

Resource

win7-20240221-en

persistence privilege_escalation upx

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

a9eff40e794a3baa3c5afeb2c69af14a7d5e97d7f29ef28ac072c877ff145260.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  a9eff40e794a3baa3c5afeb2c69af14a7d5e97d7f29ef28ac072c877ff145260
- Size
  
  229KB
- MD5
  
  7fe95da34596f0b9c8aeb965f5971724
- SHA1
  
  d884265e0ace1ad4561a1a80dfb2e042deb43956
- SHA256
  
  a9eff40e794a3baa3c5afeb2c69af14a7d5e97d7f29ef28ac072c877ff145260
- SHA512
  
  6ae5e259c39bf76ec8100a5df49b57785e05f6713f1ee30106f5c219db9956d966ef55285ad2608f6a46a620f2071f9c412b27cab4f410018d57a18e3603445d
- SSDEEP
  
  3072:UAt2Sm7m5oPeTOZQvfSERdX9Zk8AtB+alonPCHwiVSj5j2VR0d54yVIyO5hpGb/k:CS+ejRsB+BP/BV+UdvrEFp7hKOI8
Score

8^/10

persistence privilege_escalation upx
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistenceprivilege_escalationupx

behavioral2

© 2018-2024

Terms | Privacy