Resubmissions

29-10-2024 00:33

241029-awkm5syndt 10

29-10-2024 00:28

241029-asrmaaymf1 10

28-10-2024 17:49

241028-wd7wlsvblc 10

General

  • Target

    C.WIN_Crack.exe

  • Size

    7.6MB

  • Sample

    241029-asrmaaymf1

  • MD5

    44b04397f4917fd985d60e19ee7047ee

  • SHA1

    36e33d3d15c9d1316769854db23e33e448797e0d

  • SHA256

    a3cf3e2f4e08aadefe6465bb9c19e30766375d778ffa0837a08ffbfd43d24fc3

  • SHA512

    2d2135ca7c53e7982c9cb99c0a9091cee8a0091e252918b4507d9ada601c9aae4a32fd20fee0ceb58b86cf76e50c866a794bb83242aac6e17d1aec0016aecdf6

  • SSDEEP

    196608:5ttRjurErvI9pWjgaAnajMsK2CfQCS/OinHC1e:vtRjurEUWjJjYRoPhHYe

Malware Config

Targets

    • Target

      C.WIN_Crack.exe

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Enumerates processes with tasklist

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks