General
Target: SecuriteInfo.com.FileRepMalware.4542
Size: 3.7MB
Sample: 201201-dkjkh8mxla
MD5: 5bfe58d7f45d5fad7196518631911b46
SHA1: 59fc365265b883d627fad959c4121db546241856
SHA256: 7401fa910d001ae108b4fb25e4712c92ba8e3c840f1f22c2e4de57b7f800f012
SHA512: 9d173f21503fbfd454281a9bc25c629917bf7462e1baecd31e996c0c18ac538dda97f8e6bdef8ad7462f6123c4c5571f41c58aeafca6d0cfb601ab7f75fd5ea3

Static task: static1

Behavioral task: behavioral1
Sample: SecuriteInfo.com.FileRepMalware.4542.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: SecuriteInfo.com.FileRepMalware.4542.exe
Resource: win10v20201028

Malware Config

Targets
Target: SecuriteInfo.com.FileRepMalware.4542
Score: 10/10

- Suspicious use of NtCreateUserProcessOtherParentProcess
- Modifies boot configuration data using bcdedit
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies Windows Firewall
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- JavaScript code in executable