f6e53355840a9bd28a72315916f76d936febc5974f8a9d58d211b616e0b1d302 | Triage

Submit
Reports

Overview

overview

Static

static

7

f6e5335584...02.exe

windows7-x64

f6e5335584...02.exe

windows10-2004-x64

Sharing

General

Target

f6e53355840a9bd28a72315916f76d936febc5974f8a9d58d211b616e0b1d302
Size

51KB
Sample

240701-fcm7tawgpf
MD5

cf872d47394bb55d9cd7b4a96252a9c7
SHA1

021e5cf842602d514fa20a9ac3af5d81525a98b7
SHA256

f6e53355840a9bd28a72315916f76d936febc5974f8a9d58d211b616e0b1d302
SHA512

ffeefe0c4f435005f2892bc4c1d1263255e09b7aca51b5e984c14d3d9f9e284fbed91ac12f89c8db9bccdff5dcc9c4894847b33768f392a69e0e177643bbdd17
SSDEEP

768:nNAGAkIo/juokwoL7627d9rIiClJAxiFkJT22euOiya6lHOYxY0x0KS3D:nNJb/HkwoLe29UjQ4wqQOLIMVnS3D

Score

10^/10

evasion persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

f6e53355840a9bd28a72315916f76d936febc5974f8a9d58d211b616e0b1d302.exe

Resource

win7-20240419-en

evasion persistence upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

f6e53355840a9bd28a72315916f76d936febc5974f8a9d58d211b616e0b1d302.exe

Resource

win10v2004-20240508-en

evasion persistence upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  f6e53355840a9bd28a72315916f76d936febc5974f8a9d58d211b616e0b1d302
- Size
  
  51KB
- MD5
  
  cf872d47394bb55d9cd7b4a96252a9c7
- SHA1
  
  021e5cf842602d514fa20a9ac3af5d81525a98b7
- SHA256
  
  f6e53355840a9bd28a72315916f76d936febc5974f8a9d58d211b616e0b1d302
- SHA512
  
  ffeefe0c4f435005f2892bc4c1d1263255e09b7aca51b5e984c14d3d9f9e284fbed91ac12f89c8db9bccdff5dcc9c4894847b33768f392a69e0e177643bbdd17
- SSDEEP
  
  768:nNAGAkIo/juokwoL7627d9rIiClJAxiFkJT22euOiya6lHOYxY0x0KS3D:nNJb/HkwoLe29UjQ4wqQOLIMVnS3D
Score

10^/10

evasion persistence upx
- Modifies WinLogon for persistence
  persistence
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Winlogon Helper DLL

Active Setup

Defense Evasion

Modify Registry

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

evasionpersistenceupx

behavioral2

evasionpersistenceupx

© 2018-2024

Terms | Privacy