General
-
Target
473b99ecfc3b75620f6201898e1d8f74.exe
-
Size
473KB
-
Sample
201109-avcdqa5kls
-
MD5
473b99ecfc3b75620f6201898e1d8f74
-
SHA1
d30e8402cfdd0c2bb67c9c27fbba685682861818
-
SHA256
0cd84bfd6c8c5f61e644286675ece0013aafea6a538f899afc544bcbc0c00f75
-
SHA512
45b4ef4bf7fd28543ee1f1ac738fe66daebb1cffd45f4cd357d9e6a86419da184764ef66adb854dcb985a5b5259d2de1a6c3fa67f3e3c52e8582f2fe538dbba8
Static task
static1
Behavioral task
behavioral1
Sample
473b99ecfc3b75620f6201898e1d8f74.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
473b99ecfc3b75620f6201898e1d8f74.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
473b99ecfc3b75620f6201898e1d8f74.exe
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
ServiceHost packer
Detects ServiceHost packer used for .NET malware
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-