General
Target
7d180125f28a3625c407fee1767c0df3
Size
9.7MB
Sample
201117-bwcjw2vxxe
MD5
b48e8f6cd5f6b0785d39274d0633801d
SHA1
7fea985ab3d94abc817360c280a09c59a6b59f58
SHA256
4aa2f937edd661a5a3762c25d129d27085562e816e03a7063a5f43446608a730
SHA512
32cdb545541acd24a5b878c4c81e70cd2d63542697fce0dc363cadb317a1714bf028b4ad78dc7c1c57db08940e215150f96f6687098970f1ac54c0c7884529ec
Static task
static1
Behavioral task
behavioral1
Sample
7d180125f28a3625c407fee1767c0df3.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
7d180125f28a3625c407fee1767c0df3.exe
Resource
win10v20201028
Malware Config
Targets
Target
7d180125f28a3625c407fee1767c0df3
Score
10/10

Suspicious use of NtCreateProcessExOtherParentProcess

ServiceHost packer
Detects ServiceHost packer used for .NET malware

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.