Analysis
-
max time kernel
149s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
25-07-2024 01:46
General
-
Target
LisectAVT_2403002C_186.exe
-
Size
11KB
-
MD5
cfb689cffbeca7ceaffdac627b209c13
-
SHA1
7d37df83a837496f45a8b85f0a37ca3c9a8236c3
-
SHA256
275e0eec0743473456e95b590997945f76fad722bff15c2cd43bc2bb8a613c14
-
SHA512
9ca4726f84cfb592295c6da066c13eb89ba8dfc4c6fcc71aea16af26cc3d236c095a801833aa115e978581376aa8e68254520ce5ede30dcd835ad7a5dbc7b35b
-
SSDEEP
192:9mUWKs/RnKfzShH/JFxRmyja4QhiP7UlZSyGjpjWD7jqPlyjGwQ:6K+dKfzQHxFxRmyja4QhiP7UlY/pjK7W
Malware Config
Signatures
-
Upatre
Upatre is a generic malware downloader.
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\LisectAVT_2403002C_186.exe"C:\Users\Admin\AppData\Local\Temp\LisectAVT_2403002C_186.exe"1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\szgfw.exe"C:\Users\Admin\AppData\Local\Temp\szgfw.exe"2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
11KB
MD5781eb231a6dcd8e8a4fc1e445323195f
SHA1604e0001b5a9b9a592c939b295a951121e664b7c
SHA256eebecd64a0b49d61592c44062ecae53d2d4c7c78d10fa2b171de767ed239a910
SHA512a491fd268343769c63aa25d60dab46b9832c71f8811b9f5d9a43b2d75b9f39f89740cbd1b9e966f8e1cf045b4e8e0162499b1aaa095428f4c0270431251639a1