3dd0058415627fd8931b04605dc1e53ea610950aa7b8716e711cac0f53a198ea | Triage

Submit
Reports

Overview

overview

Static

static

7

3862431768...0N.exe

windows7-x64

3862431768...0N.exe

windows10-2004-x64

Sharing

General

Target

3862431768357d168771fb7b82de20d0N.exe
Size

33KB
Sample

240707-dnh15avbmd
MD5

3862431768357d168771fb7b82de20d0
SHA1

4b83ed7efdbe7281b7ab827d8baa613a266ecfe3
SHA256

3dd0058415627fd8931b04605dc1e53ea610950aa7b8716e711cac0f53a198ea
SHA512

ee1c48ff9e0e5986b16139b09f0141ab85814570bfe447273ede0ecf1c421bce5b717aa13e07aef8486f4b4630928d3f641ee14a4ee2bf3a497e6de3db4606a7
SSDEEP

768:UEzNbLcQ9qQuVriDMuyuruTD0qB77777J77c77c77c7nOT0BcfqSxi:l3h9qQA6hZunrB77777J77c77c77c7Oi

Score

10^/10

evasion persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3862431768357d168771fb7b82de20d0N.exe

Resource

win7-20240705-en

evasion persistence upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

3862431768357d168771fb7b82de20d0N.exe

Resource

win10v2004-20240704-en

persistence upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  3862431768357d168771fb7b82de20d0N.exe
- Size
  
  33KB
- MD5
  
  3862431768357d168771fb7b82de20d0
- SHA1
  
  4b83ed7efdbe7281b7ab827d8baa613a266ecfe3
- SHA256
  
  3dd0058415627fd8931b04605dc1e53ea610950aa7b8716e711cac0f53a198ea
- SHA512
  
  ee1c48ff9e0e5986b16139b09f0141ab85814570bfe447273ede0ecf1c421bce5b717aa13e07aef8486f4b4630928d3f641ee14a4ee2bf3a497e6de3db4606a7
- SSDEEP
  
  768:UEzNbLcQ9qQuVriDMuyuruTD0qB77777J77c77c77c7nOT0BcfqSxi:l3h9qQA6hZunrB77777J77c77c77c7Oi
Score

10^/10

evasion persistence upx
- Modifies WinLogon for persistence
  persistence
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

© 2018-2024

Terms | Privacy