General
-
Target
66da6bd2b703134d7b74901f8a059419
-
Size
5.0MB
-
Sample
201214-ll8d54gc9s
-
MD5
66da6bd2b703134d7b74901f8a059419
-
SHA1
6ccd5843205e31b34fecdc53ca8917abe70e961c
-
SHA256
5527e5ed8fb971e705ebfe16f68e7a1175d80bdbfa92af672223fdc556f4fa9d
-
SHA512
76af3d35d378a412e9e00c0baaf9897b6cfac945107f980b8768cab90e614499d724a87de05d3a6ea1195acc1eba45cfeb9ee6871b93e672c36c56fafd1d44b2
Static task
static1
Behavioral task
behavioral1
Sample
66da6bd2b703134d7b74901f8a059419.dll
Resource
win7v20201028
Behavioral task
behavioral2
Sample
66da6bd2b703134d7b74901f8a059419.dll
Resource
win10v20201028
Malware Config
Targets
Score
10/10
-
Modifies firewall policy service
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
ServiceHost packer
Detects ServiceHost packer used for .NET malware
-
Executes dropped EXE
-
Drops file in System32 directory
-