General

  • Target

    RUNCECE.exe

  • Size

    20.8MB

  • Sample

    241006-pdh4xsxfmf

  • MD5

    6f54b4191ac9d44e27ab567bf26e4768

  • SHA1

    244de438e62d815483561b99550a8b02a2a7625c

  • SHA256

    da2ecdafa3fbcc59f30fed701e9c3529432bcc479fc18ffe575310601d8e4576

  • SHA512

    284b786e1772db32718b11d0cf2cc65e51259648c16f130ac31b353e3b421e762e2ee5869540d161bd8d7535e06da9bc984cdf3bf6982c15d9a4dab3b5491081

  • SSDEEP

    393216:PUdMOZ0JTQDXYCxnOshouIkPUktRL5okJb8LgSUu16RCOdi99AC:PUdMOZ0JTQ7YCxOwouYktRLSaLSqIrj

Malware Config

Targets

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks