705e063756f4ea90d24baa066695388fc482b97efd59518b4ed0d1fff33ceb05 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Block.exe
Size

2.1MB
Sample

240925-yr991avejr
MD5

021ce337a7253105da330ddaa88bd173
SHA1

2c647d38e5ec3e12f1767d76f0a44cbad2b62204
SHA256

705e063756f4ea90d24baa066695388fc482b97efd59518b4ed0d1fff33ceb05
SHA512

a11d2644c51af0f60cf7889085a1a87a7550a17d3e325c61d59db30ba351d8c4fe1b9a7dcf6fed375afea21b9d326baa0738c4679efbeb87cb5a542307b5dc20
SSDEEP

49152:bU12GPKxg8N8CkmE7DJoMVV/f9Ubu/GUPj9h0D6JFiHgp145rsRJmA2QwD:bUwRxg8N81Jv3v/GULHJF2gz45K

Score

10^/10

defense_evasion evasion persistence privilege_escalation trojan upx

Malware Config

Targets

- Target
  
  Block.exe
- Size
  
  2.1MB
- MD5
  
  021ce337a7253105da330ddaa88bd173
- SHA1
  
  2c647d38e5ec3e12f1767d76f0a44cbad2b62204
- SHA256
  
  705e063756f4ea90d24baa066695388fc482b97efd59518b4ed0d1fff33ceb05
- SHA512
  
  a11d2644c51af0f60cf7889085a1a87a7550a17d3e325c61d59db30ba351d8c4fe1b9a7dcf6fed375afea21b9d326baa0738c4679efbeb87cb5a542307b5dc20
- SSDEEP
  
  49152:bU12GPKxg8N8CkmE7DJoMVV/f9Ubu/GUPj9h0D6JFiHgp145rsRJmA2QwD:bUwRxg8N81Jv3v/GULHJF2gz45K
Score

10^/10

defense_evasion evasion persistence privilege_escalation trojan upx
- UAC bypass
  evasion trojan
- Hijack Execution Flow: Executable Installer File Permissions Weakness
  Possible Turn off User Account Control's privilege elevation for standard users.
  defense_evasion persistence privilege_escalation
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Executable Installer File Permissions Weakness

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Hijack Execution Flow

Executable Installer File Permissions Weakness

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Hijack Execution Flow

Executable Installer File Permissions Weakness

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasionevasionpersistenceprivilege_escalationtrojanupx