Overview

overview

10

Static

static

10

source_prepared.exe

windows10-2004-x64

8

source_prepared.exe

windows11-21h2-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    source_prepared.exe

  • Size

    77.0MB

  • Sample

    240827-1k1s4avcjq

  • MD5

    9edee4c284f181714dade9e407c93a5f

  • SHA1

    953e6f46c53db42e1d709b3a0d7e0c3e25bf8981

  • SHA256

    faea9bdfcd246899ec5f8deb2686269e1e05cdc18d2d37c302702f2d17296645

  • SHA512

    2ea4b3a899b48e2ad4ad46090239c5a90d766bb66539e2e5d5475d4227eeef9bacd1541080ad7ea903e116b9b80c3e8bab6d7386a2bec7a9fde1bd9c7e9ffeb4

  • SSDEEP

    1572864:3vHcRlKW/h7vXSk8IpG7V+VPhqYdfME7tlHegiYweyJulZUdghhFreDE5V37U:3vHcRYYhTSkB05awcfLdMpuFhFrO+o

Score
10/10
pysilonevasionexecutionpersistencepyinstallerupx

Malware Config

Targets

    • Target

      source_prepared.exe

    • Size

      77.0MB

    • MD5

      9edee4c284f181714dade9e407c93a5f

    • SHA1

      953e6f46c53db42e1d709b3a0d7e0c3e25bf8981

    • SHA256

      faea9bdfcd246899ec5f8deb2686269e1e05cdc18d2d37c302702f2d17296645

    • SHA512

      2ea4b3a899b48e2ad4ad46090239c5a90d766bb66539e2e5d5475d4227eeef9bacd1541080ad7ea903e116b9b80c3e8bab6d7386a2bec7a9fde1bd9c7e9ffeb4

    • SSDEEP

      1572864:3vHcRlKW/h7vXSk8IpG7V+VPhqYdfME7tlHegiYweyJulZUdghhFreDE5V37U:3vHcRYYhTSkB05awcfLdMpuFhFrO+o

    Score
    8/10
    evasionexecutionpersistenceupx

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks