127fa3cb3fa54d580eb0369fcca7640f388e0ed85c14a3661bd6d0aa5db43082 | Triage

Submit
Reports

Overview

overview

8

Static

static

7

127fa3cb3f...82.exe

windows7-x64

8

127fa3cb3f...82.exe

windows10-2004-x64

8

Sharing

General

Target

127fa3cb3fa54d580eb0369fcca7640f388e0ed85c14a3661bd6d0aa5db43082.exe
Size

232KB
Sample

240704-11214a1hqr
MD5

f58a38386bfb38a323a8081660ddef80
SHA1

af55b0bf9cde4194a9b55cf03eb9613205c79122
SHA256

127fa3cb3fa54d580eb0369fcca7640f388e0ed85c14a3661bd6d0aa5db43082
SHA512

f616c62ee3bf29dd22a01d072e993b15e43658bbb757d5553ae27daabe5623b18871c284536f0894057df77c46c970feba16e9e4be91c91bb20abbd196f1d0b7
SSDEEP

3072:k1i/NU8bOMYcYYcmy51VRgiFCpCIXUWOLTsEsigcL3P6xxc1Vne1i/NU82OMYcYU:Ci/NjO5xbg/CSUFLTwMjs6wi/N+O7

Score

8^/10

defense_evasion persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

127fa3cb3fa54d580eb0369fcca7640f388e0ed85c14a3661bd6d0aa5db43082.exe

Resource

win7-20240704-en

defense_evasion persistence upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

127fa3cb3fa54d580eb0369fcca7640f388e0ed85c14a3661bd6d0aa5db43082.exe

Resource

win10v2004-20240704-en

defense_evasion persistence upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  127fa3cb3fa54d580eb0369fcca7640f388e0ed85c14a3661bd6d0aa5db43082.exe
- Size
  
  232KB
- MD5
  
  f58a38386bfb38a323a8081660ddef80
- SHA1
  
  af55b0bf9cde4194a9b55cf03eb9613205c79122
- SHA256
  
  127fa3cb3fa54d580eb0369fcca7640f388e0ed85c14a3661bd6d0aa5db43082
- SHA512
  
  f616c62ee3bf29dd22a01d072e993b15e43658bbb757d5553ae27daabe5623b18871c284536f0894057df77c46c970feba16e9e4be91c91bb20abbd196f1d0b7
- SSDEEP
  
  3072:k1i/NU8bOMYcYYcmy51VRgiFCpCIXUWOLTsEsigcL3P6xxc1Vne1i/NU82OMYcYU:Ci/NjO5xbg/CSUFLTwMjs6wi/N+O7
Score

8^/10

defense_evasion persistence upx
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
- Hide Artifacts: Hidden Files and Directories
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Active Setup

Privilege Escalation

Boot or Logon Autostart Execution

Active Setup

Defense Evasion

Modify Registry

Hide Artifacts

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

defense_evasionpersistenceupx

behavioral2

defense_evasionpersistenceupx

© 2018-2024

Terms | Privacy