f7becf3fa06006d4f12f7c6b04cdded8ceed0d97cca3b76157d157d3f6257b34 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

f7becf3fa0...34.dll

windows7-x64

7

f7becf3fa0...34.dll

windows10-2004-x64

8

Sharing

General

Target

f7becf3fa06006d4f12f7c6b04cdded8ceed0d97cca3b76157d157d3f6257b34
Size

424KB
Sample

240701-fc5f4awgqf
MD5

4af4f3666ccdefddc9ccf9ba7a7a549c
SHA1

1a97245dd601ea82bed3c5475565d9678beef772
SHA256

f7becf3fa06006d4f12f7c6b04cdded8ceed0d97cca3b76157d157d3f6257b34
SHA512

dfac6088677e15b732aea519d8db518aa1a2d052e24e1da4fda9890b55f6788358c360dc3a759814efa3ad6b8fe62a90807f15685e81a0af70f6c245ad46c5ca
SSDEEP

12288:CAxQYR/OYEFH37Qghy6nKJoDBQ/DwBjvrEH7Tf:tP2h6oDCerEH7Tf

Score

8^/10

persistence privilege_escalation upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f7becf3fa06006d4f12f7c6b04cdded8ceed0d97cca3b76157d157d3f6257b34.dll

Resource

win7-20240508-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

f7becf3fa06006d4f12f7c6b04cdded8ceed0d97cca3b76157d157d3f6257b34.dll

Resource

win10v2004-20240226-en

persistence privilege_escalation upx

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  f7becf3fa06006d4f12f7c6b04cdded8ceed0d97cca3b76157d157d3f6257b34
- Size
  
  424KB
- MD5
  
  4af4f3666ccdefddc9ccf9ba7a7a549c
- SHA1
  
  1a97245dd601ea82bed3c5475565d9678beef772
- SHA256
  
  f7becf3fa06006d4f12f7c6b04cdded8ceed0d97cca3b76157d157d3f6257b34
- SHA512
  
  dfac6088677e15b732aea519d8db518aa1a2d052e24e1da4fda9890b55f6788358c360dc3a759814efa3ad6b8fe62a90807f15685e81a0af70f6c245ad46c5ca
- SSDEEP
  
  12288:CAxQYR/OYEFH37Qghy6nKJoDBQ/DwBjvrEH7Tf:tP2h6oDCerEH7Tf
Score

8^/10

upx persistence privilege_escalation
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
  persistence privilege_escalation
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

AppInit DLLs

Privilege Escalation

Event Triggered Execution

AppInit DLLs

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

persistenceprivilege_escalationupx

© 2018-2024

Terms | Privacy