General
Target: Propuesta__estrategia.exe
Size: 737KB
Sample: 201104-jsrkglt876
MD5: 1522721771bb8874e0fb7b721047ad59
SHA1: 630962f13ab5d00d762a4c14b7a91ab170de6b8d
SHA256: 037a3fc1820352b1369d4fcf5719c6607c6c0204cdc57f78b54f07701b5b2437
SHA512: 7eb6a34c34c27d611f101856de416422f64d020a5032974bf4cee81ed723f41cf686f0a4be7e49d3ca2b51906baa2c16cbd659406b576c81a7f2aef2922ed17e
Static task: static1
Behavioral task: behavioral1
Sample: Propuesta__estrategia.exe
Resource: win7v20201028
Malware Config
Targets
Target: Propuesta__estrategia.exe
- Modifies firewall policy service
- Executes dropped EXE
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext