5e459c5f3a6094023f33193e0b7076cb461f48d3e798148d409273d00d5e3dd9 | Triage

Submit
Reports

Overview

overview

8

Static

static

7

AutodeskLi...er.exe

windows7-x64

8

AutodeskLi...er.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

Target

AutodeskLicensePatcherInstaller.exe
Size

1.2MB
Sample

240710-farr8ayglb
MD5

dd79c4e23141176c0d90494c8b724f7f
SHA1

b1c36b70f3c3319de8de0d8663eba8dfee1e65ec
SHA256

5e459c5f3a6094023f33193e0b7076cb461f48d3e798148d409273d00d5e3dd9
SHA512

a28d4cd9782c8d8f46e9243f52977a353e4a706e8949540fd47188f47d374a4d059a571aaa9c843bfcc4a9b046ef31569f67cbb6ba5310fa26d27bae540acc27
SSDEEP

24576:Lrr/9e2rDc30x5tUewSFYndCfeI+GajylnGhj9EirEuaXmSmmirrZV:LHLzxbUJndWeMln8FrmXmSm5RV

Score

8^/10

defense_evasion evasion execution persistence privilege_escalation upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

AutodeskLicensePatcherInstaller.exe

Resource

win7-20240708-en

defense_evasion evasion execution persistence privilege_escalation upx

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

AutodeskLicensePatcherInstaller.exe

Resource

win10v2004-20240709-en

defense_evasion evasion execution persistence privilege_escalation upx

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  AutodeskLicensePatcherInstaller.exe
- Size
  
  1.2MB
- MD5
  
  dd79c4e23141176c0d90494c8b724f7f
- SHA1
  
  b1c36b70f3c3319de8de0d8663eba8dfee1e65ec
- SHA256
  
  5e459c5f3a6094023f33193e0b7076cb461f48d3e798148d409273d00d5e3dd9
- SHA512
  
  a28d4cd9782c8d8f46e9243f52977a353e4a706e8949540fd47188f47d374a4d059a571aaa9c843bfcc4a9b046ef31569f67cbb6ba5310fa26d27bae540acc27
- SSDEEP
  
  24576:Lrr/9e2rDc30x5tUewSFYndCfeI+GajylnGhj9EirEuaXmSmmirrZV:LHLzxbUJndWeMln8FrmXmSm5RV
Score

8^/10

defense_evasion evasion execution persistence privilege_escalation upx
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Scheduled Task/Job

Scheduled Task

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Access Token Manipulation

Create Process with Token

Create or Modify System Process

Windows Service

Event Triggered Execution

Netsh Helper DLL

Scheduled Task/Job

Scheduled Task

Defense Evasion

Access Token Manipulation

Create Process with Token

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasionevasionexecutionpersistenceprivilege_escalationupx

behavioral2

defense_evasionevasionexecutionpersistenceprivilege_escalationupx

© 2018-2025

Terms | Privacy