deef838d2baeea363d173b06b0f687507d6d778fd3da7859664b00bd002a357b | Triage

Submit
Reports

Overview

overview

Static

static

7

deef838d2b...bN.exe

windows7-x64

deef838d2b...bN.exe

windows10-2004-x64

Sharing

General

Target

deef838d2baeea363d173b06b0f687507d6d778fd3da7859664b00bd002a357bN
Size

272KB
Sample

240920-dj5dkavfqc
MD5

95de9376b597412e1c6fc1624c911750
SHA1

e8430eb33c8ba229e98b5dedf929670ee3d868c8
SHA256

deef838d2baeea363d173b06b0f687507d6d778fd3da7859664b00bd002a357b
SHA512

15d2ebf835ee2d3be8ff44d17688203b71930dfe5bf3527e115491ce57ad8af52e7b05df4232390aa5fa23c7652acfe49bff154f9a14ea27967ec36a437a6684
SSDEEP

3072:KMBGBT753QolRgWgMlIx1ZiXjb6aEF6D0NM9voeLNZ2j8CY2:Tw757lRgWg4aAXjb6aEFfooeLNZxC

Score

10^/10

discovery evasion persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

deef838d2baeea363d173b06b0f687507d6d778fd3da7859664b00bd002a357bN.exe

Resource

win7-20240903-en

discovery evasion persistence upx

windows7-x64

19 signatures

120 seconds

Behavioral task

behavioral2

Sample

deef838d2baeea363d173b06b0f687507d6d778fd3da7859664b00bd002a357bN.exe

Resource

win10v2004-20240802-en

discovery evasion persistence upx

windows10-2004-x64

17 signatures

120 seconds

Malware Config

Targets

- Target
  
  deef838d2baeea363d173b06b0f687507d6d778fd3da7859664b00bd002a357bN
- Size
  
  272KB
- MD5
  
  95de9376b597412e1c6fc1624c911750
- SHA1
  
  e8430eb33c8ba229e98b5dedf929670ee3d868c8
- SHA256
  
  deef838d2baeea363d173b06b0f687507d6d778fd3da7859664b00bd002a357b
- SHA512
  
  15d2ebf835ee2d3be8ff44d17688203b71930dfe5bf3527e115491ce57ad8af52e7b05df4232390aa5fa23c7652acfe49bff154f9a14ea27967ec36a437a6684
- SSDEEP
  
  3072:KMBGBT753QolRgWgMlIx1ZiXjb6aEF6D0NM9voeLNZ2j8CY2:Tw757lRgWg4aAXjb6aEFfooeLNZxC
Score

10^/10

discovery evasion persistence upx
- Modifies WinLogon for persistence
  persistence
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Disables cmd.exe use via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Modifies system executable filetype association
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Modifies WinLogon
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

discoveryevasionpersistenceupx

behavioral2

discoveryevasionpersistenceupx

© 2018-2025

Terms | Privacy