3736ea3381e5411c891a367acdf0e92cbf890fb926db9a470b6d3cf8fa415819 | Triage

Submit
Reports

Overview

overview

8

Static

static

7

3736ea3381...19.exe

windows7-x64

8

3736ea3381...19.exe

windows10-2004-x64

8

Sharing

General

Target

3736ea3381e5411c891a367acdf0e92cbf890fb926db9a470b6d3cf8fa415819.exe
Size

588KB
Sample

240821-btdx9atbpa
MD5

5f2f60e0cb2a4b5e2ec849641a3b08dd
SHA1

3fded9610433c618f48176940474b74df6c2b49d
SHA256

3736ea3381e5411c891a367acdf0e92cbf890fb926db9a470b6d3cf8fa415819
SHA512

7b6ca5ba95234202700e794c266ae5fe51282a79b4bd01c4815bc886290196a0e708d337ea105f89f4b8a43c7e3b15ffab9efbc346bfd26a62de75e603b05bfa
SSDEEP

12288:hrWfN3TrQ/g3iK5iiWjnyOymhwiAAsvYciSdsaNolSbycDNXiG5tc9:hif1gTKETHsOesayS+INHc9

Score

8^/10

defense_evasion discovery evasion execution upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3736ea3381e5411c891a367acdf0e92cbf890fb926db9a470b6d3cf8fa415819.exe

Resource

win7-20240708-en

defense_evasion discovery evasion execution upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

3736ea3381e5411c891a367acdf0e92cbf890fb926db9a470b6d3cf8fa415819.exe

Resource

win10v2004-20240802-en

defense_evasion discovery evasion execution upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  3736ea3381e5411c891a367acdf0e92cbf890fb926db9a470b6d3cf8fa415819.exe
- Size
  
  588KB
- MD5
  
  5f2f60e0cb2a4b5e2ec849641a3b08dd
- SHA1
  
  3fded9610433c618f48176940474b74df6c2b49d
- SHA256
  
  3736ea3381e5411c891a367acdf0e92cbf890fb926db9a470b6d3cf8fa415819
- SHA512
  
  7b6ca5ba95234202700e794c266ae5fe51282a79b4bd01c4815bc886290196a0e708d337ea105f89f4b8a43c7e3b15ffab9efbc346bfd26a62de75e603b05bfa
- SSDEEP
  
  12288:hrWfN3TrQ/g3iK5iiWjnyOymhwiAAsvYciSdsaNolSbycDNXiG5tc9:hif1gTKETHsOesayS+INHc9
Score

8^/10

defense_evasion discovery evasion execution upx
- Stops running service(s)
  evasion execution
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Indicator Removal

File Deletion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

defense_evasiondiscoveryevasionexecutionupx

behavioral2

defense_evasiondiscoveryevasionexecutionupx

© 2018-2025

Terms | Privacy