folderlock.exe (Hupigon) — malware analysis report

File info

Filename: folderlock.exe
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 10.1 MB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1: 99ffe09622fb0005fbb1186a4a03b3a8bd1a0d82
SHA256: a5ead885cd05132b9ab8a4464beb2e64aa44db2a69f908a508ab0fbc625b8e54
MD5: 33428954be05fc8e353414358bc12d81

Malware

  • Hupigon

Signatures

Persistence

T1574 dropper_dll: Creates DLL, which is then loaded into the process

Privilege Escalation

T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1574 dropper_dll: Creates DLL, which is then loaded into the process
T1027.002 packer_vb: The executable file is packed using VB
T1480 system_default_lang_id_present: Checks the system language
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1057 process_interest: Enumerates processes

Command and Control

T1071.001 winhttp_https: Performs HTTP/HTTPS requests using WinHttp

Other

yara_rules: Static rules
creates_exe: Creates executable files in the file system
dns_without_resolve: DNS query without a response
executes_dropped_exe: Executes dropped exe files
unexpected_exception: Unexpected exception
error_drawtext: An error occurred while executing the file
pe_overlay: PE file contains overlay