General
-
Target
SecuriteInfo.com.BehavesLike.Win32.Generic.wc.26773
-
Size
3.9MB
-
Sample
201109-rnly6jadds
-
MD5
2f485931b93476f0c395a2b8a14bbad2
-
SHA1
e07ee281b0175ce23d93145d583fc9da038ec7e6
-
SHA256
37c78d45542b2109dcf160591e570469946ffcdfb5042cede4671eef5543c5c9
-
SHA512
f131c01ecdd153732e79e1d996d57a1aaff073f9844b1a5615c1990b730e67ae614e7fca7a00d48e2971d5b016ab7a82104890c657f1cb792bfa7f13f3d2b112
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.BehavesLike.Win32.Generic.wc.26773.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
SecuriteInfo.com.BehavesLike.Win32.Generic.wc.26773.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
SecuriteInfo.com.BehavesLike.Win32.Generic.wc.26773
-
Size
3.9MB
-
MD5
2f485931b93476f0c395a2b8a14bbad2
-
SHA1
e07ee281b0175ce23d93145d583fc9da038ec7e6
-
SHA256
37c78d45542b2109dcf160591e570469946ffcdfb5042cede4671eef5543c5c9
-
SHA512
f131c01ecdd153732e79e1d996d57a1aaff073f9844b1a5615c1990b730e67ae614e7fca7a00d48e2971d5b016ab7a82104890c657f1cb792bfa7f13f3d2b112
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
JavaScript code in executable
-
Modifies service
-