5e9e9feff79a516df439c031aed499e8df5337c21b1d3396ac53a5be95a89631 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

cryptolaemus

windows10-2004-x64

8

cryptolaemus

windows11-21h2-x64

8

Sharing

General

Target

5e9e9feff79a516df439c031aed499e8df5337c21b1d3396ac53a5be95a89631
Size

287KB
Sample

240620-py4w5axhja
MD5

75ecf319b39d6e6c8f30a943df43969b
SHA1

b5f171ded06331b00830b425efce744c3a9ee7ec
SHA256

5e9e9feff79a516df439c031aed499e8df5337c21b1d3396ac53a5be95a89631
SHA512

eff7ad8c129b402282f349df7e75031acaa2981e575963411cf0e0850be102b6630285551057ebf49cf38a869a8b16a06d97c257d3d5186ce54e290bfa796839
SSDEEP

3072:rheBqhy5aV5gpqY8sXwTEHXfGaNoM+/ORSs5G2Ms436TFZbYSeJLv4pqgGN0FzCr:rC01sX/fJx+/N6JOSeJT480F

Score

8^/10

discovery execution exploit persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5e9e9feff79a516df439c031aed499e8df5337c21b1d3396ac53a5be95a89631.exe

Resource

win10v2004-20240611-en

discovery execution exploit persistence upx

windows10-2004-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

5e9e9feff79a516df439c031aed499e8df5337c21b1d3396ac53a5be95a89631.exe

Resource

win11-20240611-en

discovery execution exploit persistence upx

windows11-21h2-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  5e9e9feff79a516df439c031aed499e8df5337c21b1d3396ac53a5be95a89631
- Size
  
  287KB
- MD5
  
  75ecf319b39d6e6c8f30a943df43969b
- SHA1
  
  b5f171ded06331b00830b425efce744c3a9ee7ec
- SHA256
  
  5e9e9feff79a516df439c031aed499e8df5337c21b1d3396ac53a5be95a89631
- SHA512
  
  eff7ad8c129b402282f349df7e75031acaa2981e575963411cf0e0850be102b6630285551057ebf49cf38a869a8b16a06d97c257d3d5186ce54e290bfa796839
- SSDEEP
  
  3072:rheBqhy5aV5gpqY8sXwTEHXfGaNoM+/ORSs5G2Ms436TFZbYSeJLv4pqgGN0FzCr:rC01sX/fJx+/N6JOSeJT480F
Score

8^/10

discovery execution exploit persistence upx
- Creates new service(s)
  persistence execution
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

File and Directory Permissions Modification

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryexecutionexploitpersistenceupx

behavioral2

discoveryexecutionexploitpersistenceupx

© 2018-2024

Terms | Privacy