General
Target: https___productmusics.com_ru53332_AIIJu19NYgQAeUACAE1ZFwASABC624QA_pdf-to-zpl-java.exe
Size: 3.9MB
Sample: 201123-p5ef5m671n
MD5: da31d662e2138426ffaf2c7bbe0a27f9
SHA1: ba69106c145dcfd8d5d89338a4a05833f6bf82e6
SHA256: fbdcf6ebb76c84c3876adf6f8de5af5c1660aa090234f73b3af26ed15ab3ff9d
SHA512: 84854ed6c2265b66d0862e67ea01ae8f1fafaafdb72bf708b04f4b54a65a18aae1afdbd848dc32afc8739ec7b1f575056e36d034566c56c6c5ecb6dc9b5e35ca
Static task: static1
Behavioral task: behavioral1
  Sample: https___productmusics.com_ru53332_AIIJu19NYgQAeUACAE1ZFwASABC624QA_pdf-to-zpl-java.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: https___productmusics.com_ru53332_AIIJu19NYgQAeUACAE1ZFwASABC624QA_pdf-to-zpl-java.exe
  Resource: win10v20201028
Malware Config
Targets
Target: https___productmusics.com_ru53332_AIIJu19NYgQAeUACAE1ZFwASABC624QA_pdf-to-zpl-java.exe
Score: 10/10
Signatures:
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- JavaScript code in executable
- Modifies service