Analysis
- max time kernel: 149s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 29-01-2024 19:20
Static task: static1
Behavioral task: behavioral1
- Sample: 80a8531daf154b945db7f38de40a8976.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 80a8531daf154b945db7f38de40a8976.exe
- Resource: win10v2004-20231222-en
General
- Target: 80a8531daf154b945db7f38de40a8976.exe
- Size: 12KB
- MD5: 80a8531daf154b945db7f38de40a8976
- SHA1: 220ee5a1f816ff477621758f1282efa973fc484b
- SHA256: 1a875b277b6d3c8cbd10c655f583d79bcb0819ac3e1d936fada5ee3d0b43b5fe
- SHA512: 2c0ecdbae4c25f7fccc25e867db9969350e8a191c175865b3bbf060deb32d2801507396ba9598341dc614d87a5ee70522e5b8dbd61ca5436df8905d279eeeb31
- SSDEEP: 384:6K+dKfzQHxFxRmyja4QhiP7UlY/pjKhYjlylMeyye37DyQ:v+dAURFxna4QAPQlYghmlylMeyye3/yQ
Malware Config
Signatures
-
Upatre
Upatre is a generic malware downloader.
-
Executes dropped EXE 1 IoCs
Processes:
- pid 2948, process szgfw.exe
-
Loads dropped DLL 2 IoCs
Processes:
- pid 3048, process 80a8531daf154b945db7f38de40a8976.exe
- pid 3048, process 80a8531daf154b945db7f38de40a8976.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes (description, pid, process, target process):
- PID 3048 wrote to memory of 2948: 80a8531daf154b945db7f38de40a8976.exe -> szgfw.exe
- PID 3048 wrote to memory of 2948: 80a8531daf154b945db7f38de40a8976.exe -> szgfw.exe
- PID 3048 wrote to memory of 2948: 80a8531daf154b945db7f38de40a8976.exe -> szgfw.exe
- PID 3048 wrote to memory of 2948: 80a8531daf154b945db7f38de40a8976.exe -> szgfw.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\80a8531daf154b945db7f38de40a8976.exe (level 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\80a8531daf154b945db7f38de40a8976.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\szgfw.exe (level 2, child of the above)
    Command line: "C:\Users\Admin\AppData\Local\Temp\szgfw.exe"
    - Executes dropped EXE
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Temp\szgfw.exe
  Filesize: 12KB
  MD5: 257641ff443322cc95dcd47c6d93f664
  SHA1: ea0ecee00fb43f7ac1e53cbc060064790a166817
  SHA256: d776c8feacded35cba94281b07a2949cc07d8acff91cf556be0815cc6e54edb7
  SHA512: cea4b7478177ec6e54a0b20b55934763f394ec38e52d74de46d676d6d7c53d0070badd51061b02575105b20f9541bfffb6a5f5f7d7af5a333924fef98ac3b3ce