General
Target: 1c.jpg
Size: 952KB
Sample: 191016-s3dg7rrb16
MD5: cf28320bf297dadc31406788511a3ccf
SHA1: c33a0adc164a99036efab532acbc9f7961672aab
SHA256: 7ae7c8f3cd7c94a5ac6f9d1665fd48bfb5762b207624a6f34432e163a658abc9
SHA512: f113eafa181fd717b8583de4326760ada3c770d216576f5ced001cb4205e161af594f05d060ce99b99a95a12cd6c3b519ed8b30e7eaaf25dfead22e302d2926c
Score: 10/10
Task: task1
Sample: 1c.jpg.exe
Resource: win7
Signatures: 0

Task: task2
Sample: 1c.jpg.exe
Resource: win10
Signatures: 0
Malware Config
Targets
Target: 1c.jpg
Score: 10/10
Signatures:
- Suspicious use of NtCreateProcessExOtherParentProcess
- Suspicious use of NtCreateUserProcessOtherParentProcess
- troldesh family
- Checks processor name in registry (likely anti-VM)
- Deletes shadow copies
- Executes dropped EXE
- Modifies Installed Components in the registry
- Loads dropped DLL
- Program crash
- Adds Run entry to start application
- Checks system information in the registry (likely anti-VM)
- Modifies service
- Sets desktop wallpaper using registry