General
Target
ec042ea8b6b6a94678df7612bffa69082e772b6c9d8a57b0bc89bc1258046b80
Size
417KB
Sample
191025-fs2a5gpl12
MD5
92eba943bfdf15732f4f8d47d596c38a
SHA1
26ce9046dbe35974610caddecee0aa64fb0af99c
SHA256
ec042ea8b6b6a94678df7612bffa69082e772b6c9d8a57b0bc89bc1258046b80
SHA512
1671e609cca1eb6e0bbe5725ff21f23c6c3411474f50bf48a3fb1d845e040ae531614c453b67fe0fdc5e531553992c2e76680d2f8f6f401c7f6c2a66565cef49
Task
task1
Sample
ec042ea8b6b6a94678df7612bffa69082e772b6c9d8a57b0bc89bc1258046b80.exe
Resource
win7v191014
Task
task2
Sample
ec042ea8b6b6a94678df7612bffa69082e772b6c9d8a57b0bc89bc1258046b80.exe
Resource
win10v191014
Malware Config
Targets
Target
ec042ea8b6b6a94678df7612bffa69082e772b6c9d8a57b0bc89bc1258046b80
Score
10/10
Suspicious use of NtCreateUserProcessOtherParentProcess
Program crash
Checks system information in the registry (likely anti-VM)
Modifies service
Suspicious use of NtSetInformationThreadHideFromDebugger