General
-
Target
app.exe
-
Size
3.9MB
-
Sample
201117-cw2dvzpta6
-
MD5
4326312f9b727db3ce640416919b4373
-
SHA1
462a3b5ba5bcdf4ea32d967ca0f7c90cbc191317
-
SHA256
57e17fa18d3864f208ee2636681b8ac0142625f0cb7f6929e15b63b350c99703
-
SHA512
4a5bb0167e2bf6553c3fa8bb6e85d6295be7ec63789a019b6afbe39119c0698e9841969df7d3cf53725ff19a9d796719fca3b94803e07df70d223c6f7af349d5
Static task
static1
Behavioral task
behavioral1
Sample
app.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
app.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
app.exe
-
Score
10/10
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Modifies boot configuration data using bcdedit
-
Drops file in Drivers directory
-
Executes dropped EXE
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
JavaScript code in executable
-
Modifies service
-