Analysis
max time kernel: 149s
max time network: 120s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted: 08-07-2024 20:59
Static task: static1
Behavioral task: behavioral1
  Sample: 0615da8d90f0e5ae26f51570f94307a0N.exe
  Resource: win7-20240705-en
Behavioral task: behavioral2
  Sample: 0615da8d90f0e5ae26f51570f94307a0N.exe
  Resource: win10v2004-20240704-en
General
Target: 0615da8d90f0e5ae26f51570f94307a0N.exe
Size: 70KB
MD5: 0615da8d90f0e5ae26f51570f94307a0
SHA1: 0b27b13e7d70cd7b3086d5a65c70bfb8b37f9462
SHA256: af9aa95f110a746797ee9e01cec1da5d77b0cae81c7f404d900f3469a1192677
SHA512: ccf96ac7c022cd72788f72b220d5490be1a4826323df419c509929e7842d2fb19ad1978af3271d2c6926086768dd363a0a7c89caadeb4eb07e41e8870b99d6b3
SSDEEP: 1536:5Y9jw/dUT62rGdiUOWWrMffJ+AxM+I+ceWgP/KmVQoc:5Y9CUT62/UOVMffJ+AW+I+cP
Malware Config
Signatures
- Upatre
  Upatre is a generic malware downloader.
- Executes dropped EXE (1 IoC)
  pid 2876, Process szgfw.exe
- Loads dropped DLL (2 IoCs)
  pid 2780, Process 0615da8d90f0e5ae26f51570f94307a0N.exe
  pid 2780, Process 0615da8d90f0e5ae26f51570f94307a0N.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (4 IoCs)
  description | pid | Process | procid_target
  PID 2780 wrote to memory of 2876 | 2780 | 0615da8d90f0e5ae26f51570f94307a0N.exe | 31
  PID 2780 wrote to memory of 2876 | 2780 | 0615da8d90f0e5ae26f51570f94307a0N.exe | 31
  PID 2780 wrote to memory of 2876 | 2780 | 0615da8d90f0e5ae26f51570f94307a0N.exe | 31
  PID 2780 wrote to memory of 2876 | 2780 | 0615da8d90f0e5ae26f51570f94307a0N.exe | 31
Processes
C:\Users\Admin\AppData\Local\Temp\0615da8d90f0e5ae26f51570f94307a0N.exe  "C:\Users\Admin\AppData\Local\Temp\0615da8d90f0e5ae26f51570f94307a0N.exe"  (PID 2780, tree depth 1)
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\szgfw.exe  "C:\Users\Admin\AppData\Local\Temp\szgfw.exe"  (PID 2876, tree depth 2, child of PID 2780)
    - Executes dropped EXE
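The process tree and the WriteProcessMemory rows above are the behaviour a detection engineer would want to catch on a live host: a binary running out of the user's Temp directory spawning a second executable from the same directory, then writing into that child's memory. The script below is an added example, not part of the sandbox report or of any vendor tooling. It takes only the image paths, PIDs 2780/2876 and the two SHA256 values from the report; the event records are constructed to mirror that tree, the explorer.exe parent (PID 1234) and the notepad.exe control row are invented, and the field names (pid, parent_pid, image, parent_image, sha256) are an assumption loosely modelled on Sysmon Event ID 1, not any product's exact schema.

```python
import re
from dataclasses import dataclass

# SHA256 values printed in the report (the sample, and the 70KB download).
KNOWN_SHA256 = {
    "af9aa95f110a746797ee9e01cec1da5d77b0cae81c7f404d900f3469a1192677":
        "0615da8d90f0e5ae26f51570f94307a0N.exe",
    "85ab9ffe5713dfc25f0ec652c670f1f029b7734c6634fc23f0684c5d17f3958f":
        "70KB download listed in the report (filename not given)",
}

# C:\Users\<name>\AppData\Local\Temp\... ; case-insensitive, like NTFS paths.
USER_TEMP = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
# Shape of the rows in the report's WriteProcessMemory signature.
WRITE_LINE = re.compile(r"PID (\d+) wrote to memory of (\d+)")


@dataclass
class ProcEvent:
    """Process-creation record. Field names are an assumption of this example."""
    pid: int
    parent_pid: int
    image: str
    parent_image: str
    sha256: str = ""


def in_user_temp(path: str) -> bool:
    return bool(USER_TEMP.match(path))


def parse_memory_writes(lines):
    """Extract (writer_pid, target_pid) pairs from 'PID X wrote to memory of Y'
    rows; the report's four identical rows collapse to a single pair."""
    pairs = set()
    for line in lines:
        m = WRITE_LINE.search(line)
        if m:
            pairs.add((int(m.group(1)), int(m.group(2))))
    return pairs


def analyze(events, write_lines):
    """Return a list of (rule, pid, detail) alerts over the events."""
    by_pid = {ev.pid: ev for ev in events}
    alerts = []
    for ev in events:
        # Rule 1: a Temp-resident process launching another Temp-resident binary.
        if in_user_temp(ev.parent_image) and in_user_temp(ev.image):
            alerts.append(("temp_spawns_temp", ev.pid, f"{ev.parent_image} -> {ev.image}"))
        # Rule 2: image hash matches an indicator from the report.
        name = KNOWN_SHA256.get(ev.sha256.lower())
        if name:
            alerts.append(("known_hash", ev.pid, name))
    # Rule 3: the writer is the parent of the target and the target lives in Temp,
    # which is how the report's WriteProcessMemory rows line up with its tree.
    for writer, target in sorted(parse_memory_writes(write_lines)):
        child = by_pid.get(target)
        if child and child.parent_pid == writer and in_user_temp(child.image):
            alerts.append(("parent_writes_dropped_child", target, f"writer pid {writer}"))
    return alerts


# Constructed events mirroring the report's process tree (see lead-in for what is invented).
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\0615da8d90f0e5ae26f51570f94307a0N.exe"
DROPPED = r"C:\Users\Admin\AppData\Local\Temp\szgfw.exe"
EVENTS = [
    ProcEvent(2780, 1234, SAMPLE, r"C:\Windows\explorer.exe",
              "af9aa95f110a746797ee9e01cec1da5d77b0cae81c7f404d900f3469a1192677"),
    ProcEvent(2876, 2780, DROPPED, SAMPLE),
    ProcEvent(3001, 1234, r"C:\Windows\System32\notepad.exe", r"C:\Windows\explorer.exe",
              "0000000000000000000000000000000000000000000000000000000000000000"),
]
# The four identical rows from the report's WriteProcessMemory signature.
WRITE_LINES = ["PID 2780 wrote to memory of 2876"] * 4

if __name__ == "__main__":
    for alert in analyze(EVENTS, WRITE_LINES):
        print(*alert)
```

Rule 1 alone is noisy on real hosts (installers and updaters also run from Temp), which is why the example correlates it with the memory-write pair before raising the higher-confidence alert; the hash rule only fires on the specific sample and should not be relied on for the downloader's next build.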
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 70KB
MD5: 131bb6e335b55bade09bad68a37ea180
SHA1: e7d1b6d057df9b87e37e90f597b4ab9f28b3e0c3
SHA256: 85ab9ffe5713dfc25f0ec652c670f1f029b7734c6634fc23f0684c5d17f3958f
SHA512: eee1ae4e88941e60f8d1341b5bb32958d5ae05ea4e53dfa848e875622dec36c9a5734315856ae5b445c2c907e51ab522074021a23f123c742c5fbe6ac6125384