General

  • Target

    test.exe

  • Size

    87.4MB

  • Sample

    250216-qnkk6symcj

  • MD5

    2244734230e5c74e84cb8dba4b7f9a29

  • SHA1

    a602ca0503aaa99e06712b1295cc938d042f9272

  • SHA256

    eac108cce77fe1970b7575de0a7de2d60fdeee9c56337d1e787e36a070bf6dfa

  • SHA512

    d87d58cfef693a0a1c7e65d052bc7458a3435aad9fbe283f37f8b12e3fa723f1d54da50fa687723792d1fcf2e1af14ed6f1f655e30360d6fed1012762ec7470b

  • SSDEEP

    1572864:Q2GKlgWjDbOkiqOv8im2AzJE7Bbli08iYgj+h58sMwYVDwOB:QnKiCbOknOv8i3mSw025Uhw

Targets

    • Target

      test.exe

    • Size

      87.4MB

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file does not show in Explorer etc.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
