a4b2f0d1ec6c95c34855783132ecdef02e5f81b7f8faf02d6bfe880dc79c507b | Triage

Submit
Reports

Overview

overview

Static

static

7

de206bab0f...0N.exe

windows7-x64

de206bab0f...0N.exe

windows10-2004-x64

Sharing

General

Target

de206bab0f5e87d52ed35acf947aa5b0N.exe
Size

51KB
Sample

240915-j4zxgathrk
MD5

de206bab0f5e87d52ed35acf947aa5b0
SHA1

7a96f073c22d05ede36f5d65d41294201e264c5b
SHA256

a4b2f0d1ec6c95c34855783132ecdef02e5f81b7f8faf02d6bfe880dc79c507b
SHA512

77b3cb49daef8de95098e96c65e9825283ec04d2963188bab83b9725638d9eb9a0fa670b340d4b44ce705074465fb18322c60fbad57e460c5909003e86a07051
SSDEEP

768:nNAGAkIo/juokwoL7627d9rIiClJAxiFkJT22euOiya6lHOYxY0x0KS3j:nNJb/HkwoLe29UjQ4wqQOLIMVnS3j

Score

10^/10

discovery evasion persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

de206bab0f5e87d52ed35acf947aa5b0N.exe

Resource

win7-20240903-en

discovery evasion persistence upx

windows7-x64

15 signatures

120 seconds

Behavioral task

behavioral2

Sample

de206bab0f5e87d52ed35acf947aa5b0N.exe

Resource

win10v2004-20240802-en

discovery evasion persistence upx

windows10-2004-x64

14 signatures

120 seconds

Malware Config

Targets

- Target
  
  de206bab0f5e87d52ed35acf947aa5b0N.exe
- Size
  
  51KB
- MD5
  
  de206bab0f5e87d52ed35acf947aa5b0
- SHA1
  
  7a96f073c22d05ede36f5d65d41294201e264c5b
- SHA256
  
  a4b2f0d1ec6c95c34855783132ecdef02e5f81b7f8faf02d6bfe880dc79c507b
- SHA512
  
  77b3cb49daef8de95098e96c65e9825283ec04d2963188bab83b9725638d9eb9a0fa670b340d4b44ce705074465fb18322c60fbad57e460c5909003e86a07051
- SSDEEP
  
  768:nNAGAkIo/juokwoL7627d9rIiClJAxiFkJT22euOiya6lHOYxY0x0KS3j:nNJb/HkwoLe29UjQ4wqQOLIMVnS3j
Score

10^/10

discovery evasion persistence upx
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistenceupx

behavioral2

discoveryevasionpersistenceupx

© 2018-2025

Terms | Privacy