General

  • Target

    noce.exe

  • Size

    163KB

  • Sample

    240919-dmqdtaxhrn

  • MD5

    6ebf9a196cafa58b75b782ece987d8f3

  • SHA1

    f3d5fc4ae7de15375421d06e6d79371a6f1253b9

  • SHA256

    0a942e6321f9781ac5e1cbbdb2f2f9dd63fc4d6242d126a2b4dc9616ebdf2f8b

  • SHA512

    8a82a64c8d9809b23fb6287cbc3ac62ea51e31426e2a1c13c99452761722757b9f7590acf931122673d31a548a1fd42b47e9c0e007817ab83b31c487ad5c83b2

  • SSDEEP

    3072:6m8QyMWSVCqwT1h+popOOfaPOx5P+m/pNdhZ1QYUdq:WqwJh+6pAkGm/pH1gdq

Targets

    • Target

      noce.exe

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
