General
Target: 2c.jpg
Size: 1.6MB
Sample: 191016-8b56wcmt7e
MD5: 23943e33c631cfd62558d3b51976c185
SHA1: 75cb14d1ac8b6dd43ed860f2ed97bec7310ab573
SHA256: 45521351aa8ff351931e7d7eb7c0d0183184b1adb7484cc0b7a7bba2c992cd24
SHA512: 768146a7d3143ff802f18d07eae245fcf749f74eb8032cadd010e6584056077fe4ca4d555f46c9640f9522c911dd1f99bd3330e698239b49eaf34563ca847875
Score: 10/10
Task: task1
Sample: 2c.jpg.exe
Resource: win7
0 signatures

Task: task2
Sample: 2c.jpg.exe
Resource: win10
0 signatures
Malware Config
Targets
Target: 2c.jpg
Score: 10/10
Signatures:
- Suspicious use of NtCreateUserProcessOtherParentProcess
- troldesh family
- Checks processor name in registry (likely anti-VM)
- Deletes shadow copies
- Executes dropped EXE
- Modifies Installed Components in the registry
- Loads dropped DLL
- Program crash
- Adds Run entry to start application
- Checks system information in the registry (likely anti-VM)
- Modifies service
- Sets desktop wallpaper using registry
- Suspicious use of SetThreadContext