hxxps://file[.]fan/3813e1da0f904a05 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://file.fan/381...

windows10-1703-x64

8

https://file.fan/381...

windows10-2004-x64

1

https://file.fan/381...

windows11-21h2-x64

8

Sharing

General

Target

https://file.fan/3813e1da0f904a05
Sample

240627-11rv5atdlf

Score

8^/10

discovery execution exploit persistence upx

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://file.fan/3813e1da0f904a05

Resource

win10-20240404-en

discovery execution exploit persistence upx

windows10-1703-x64

31 signatures

1800 seconds

Behavioral task

behavioral2

Sample

https://file.fan/3813e1da0f904a05

Resource

win10v2004-20240508-en

windows10-2004-x64

8 signatures

1800 seconds

Behavioral task

behavioral3

Sample

https://file.fan/3813e1da0f904a05

Resource

win11-20240611-en

discovery execution persistence upx

windows11-21h2-x64

28 signatures

1800 seconds

Malware Config

Targets

- Target
  
  https://file.fan/3813e1da0f904a05
Score

8^/10

discovery execution exploit persistence upx
- Creates new service(s)
  persistence execution
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Possible privilege escalation attempt
  exploit
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

System Services

Service Execution

Scheduled Task/Job

Scheduled Task

Persistence

Create or Modify System Process

Windows Service

Event Triggered Execution

Image File Execution Options Injection

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Create or Modify System Process

Windows Service

Event Triggered Execution

Image File Execution Options Injection

Scheduled Task/Job

Scheduled Task

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

urlscan1

behavioral1

discoveryexecutionexploitpersistenceupx

behavioral2

behavioral3

discoveryexecutionpersistenceupx

© 2018-2024

Terms | Privacy