480f965a7ac2d1013a4923fff2aa81b494003ee90f5614617ad6dc9e65c41bb3 | Triage

Submit
Reports

Overview

overview

7

Static

static

7

480f965a7a...b3.exe

windows7-x64

7

480f965a7a...b3.exe

windows10-2004-x64

7

Sharing

General

Target

480f965a7ac2d1013a4923fff2aa81b494003ee90f5614617ad6dc9e65c41bb3
Size

1.3MB
Sample

240726-cec8vasdra
MD5

957b22fe20ae5fbd9887478f59a8a428
SHA1

4360ef1cf5906f0955358344a64c2070a875f55c
SHA256

480f965a7ac2d1013a4923fff2aa81b494003ee90f5614617ad6dc9e65c41bb3
SHA512

109d44e22483e330923924423e1907dbdf1c91f478a72596376aacffe26fb95dd6ab0a4d5a25ec58e88aced73d15a6bc6f32038f09fee6902faf1879f16a9337
SSDEEP

24576:HDNhG5ER2XGfLwZY8i6PKlIZKf19Ov6iPk1ZRaVETQcuR05X2WGeO:HDNhmtXWmHPU1K6B1Obcu25XTGV

Score

7^/10

discovery persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

480f965a7ac2d1013a4923fff2aa81b494003ee90f5614617ad6dc9e65c41bb3.exe

Resource

win7-20240704-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

480f965a7ac2d1013a4923fff2aa81b494003ee90f5614617ad6dc9e65c41bb3.exe

Resource

win10v2004-20240709-en

discovery persistence upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  480f965a7ac2d1013a4923fff2aa81b494003ee90f5614617ad6dc9e65c41bb3
- Size
  
  1.3MB
- MD5
  
  957b22fe20ae5fbd9887478f59a8a428
- SHA1
  
  4360ef1cf5906f0955358344a64c2070a875f55c
- SHA256
  
  480f965a7ac2d1013a4923fff2aa81b494003ee90f5614617ad6dc9e65c41bb3
- SHA512
  
  109d44e22483e330923924423e1907dbdf1c91f478a72596376aacffe26fb95dd6ab0a4d5a25ec58e88aced73d15a6bc6f32038f09fee6902faf1879f16a9337
- SSDEEP
  
  24576:HDNhG5ER2XGfLwZY8i6PKlIZKf19Ov6iPk1ZRaVETQcuR05X2WGeO:HDNhmtXWmHPU1K6B1Obcu25XTGV
Score

7^/10

discovery upx persistence
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoverypersistenceupx

© 2018-2024

Terms | Privacy