General

  • Target

    Warden.exe

  • Size

    8.3MB

  • Sample

    241026-xe42sayckk

  • MD5

    3763392a286de739ce2e6b017203d992

  • SHA1

    de08bb972a11d00582b00f4feff553281d884121

  • SHA256

    378a0e33acd8f92552291a118b8fd5d09649d84f9856137bf3cdfa123e6871d0

  • SHA512

    5c6ab52054f5b35173e4459dcfdbdf500e72ab6684cd7940e03771524cd94bc04526b2c1e6995d9c8af529316fce06fae2575d1bc0d23bad56af79aa518d1bee

  • SSDEEP

    196608:KlgpSwfI9jUC2gYBYv3vbW4SE3DcGiwwnb:3HIH2gYBgDWZIjf6b

Malware Config

Targets

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks