3a29a6ce8691f63227ccd3ef88c5335469239f61563e3ce125cd3d3ad07badd0 | Triage

Submit
Reports

Overview

overview

Static

static

5

3a29a6ce86...0N.exe

windows7-x64

3a29a6ce86...0N.exe

windows10-2004-x64

Sharing

General

Target

3a29a6ce8691f63227ccd3ef88c5335469239f61563e3ce125cd3d3ad07badd0N.exe
Size

90KB
Sample

250111-hgpybasjcq
MD5

bc81382662fdb3a0a785f26c8fff9b10
SHA1

2d004acc6168ef54a4c027dd629d5195f383ac3b
SHA256

3a29a6ce8691f63227ccd3ef88c5335469239f61563e3ce125cd3d3ad07badd0
SHA512

e2c3018c6ce7cbf9609d5584e6c5237256473c48db3fe6a2bfcf0c7d32476fa781598f1d427128b2aa2fb84da9939a7f4e92b1e168c760395cf48c8fbbfb481e
SSDEEP

1536:XRsjdLaslqdBXvTUL0Hnouy8VjVRsjdLaslqdBXvTUL0Hnouy8Vj:XOJKqsout9VOJKqsout9

Score

10^/10

discovery evasion persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3a29a6ce8691f63227ccd3ef88c5335469239f61563e3ce125cd3d3ad07badd0N.exe

Resource

win7-20240903-en

discovery evasion persistence upx

windows7-x64

20 signatures

120 seconds

Behavioral task

behavioral2

Sample

3a29a6ce8691f63227ccd3ef88c5335469239f61563e3ce125cd3d3ad07badd0N.exe

Resource

win10v2004-20241007-en

discovery evasion persistence upx

windows10-2004-x64

18 signatures

120 seconds

Malware Config

Targets

- Target
  
  3a29a6ce8691f63227ccd3ef88c5335469239f61563e3ce125cd3d3ad07badd0N.exe
- Size
  
  90KB
- MD5
  
  bc81382662fdb3a0a785f26c8fff9b10
- SHA1
  
  2d004acc6168ef54a4c027dd629d5195f383ac3b
- SHA256
  
  3a29a6ce8691f63227ccd3ef88c5335469239f61563e3ce125cd3d3ad07badd0
- SHA512
  
  e2c3018c6ce7cbf9609d5584e6c5237256473c48db3fe6a2bfcf0c7d32476fa781598f1d427128b2aa2fb84da9939a7f4e92b1e168c760395cf48c8fbbfb481e
- SSDEEP
  
  1536:XRsjdLaslqdBXvTUL0Hnouy8VjVRsjdLaslqdBXvTUL0Hnouy8Vj:XOJKqsout9VOJKqsout9
Score

10^/10

discovery evasion persistence upx
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables use of System Restore points
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Event Triggered Execution

Change Default File Association

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

discoveryevasionpersistenceupx

behavioral2

discoveryevasionpersistenceupx

© 2018-2025

Terms | Privacy