General
Target: d92f632b039d42bfe46c284f35b8ce4f898576d840fd366becc1d9bcd4ed6a3a
Size: 1.1MB
Sample: 210228-lnqwy4xx3e
MD5: e8cb16902d3100e0833ef9c4367fe17b
SHA1: b639ffb519f85b4db9987daadfbe6e458e986c25
SHA256: d92f632b039d42bfe46c284f35b8ce4f898576d840fd366becc1d9bcd4ed6a3a
SHA512: 084f6f87a3d180cc3f37c5416a2744aefe3295da2ee5a88125468740e51cb6e93f518cb6143b5035c7fa515d0e01fdbcb9f12280857deb2d612c7c67850e7a9e
Static task: static1
Behavioral task: behavioral1
Sample: d92f632b039d42bfe46c284f35b8ce4f898576d840fd366becc1d9bcd4ed6a3a.exe
Resource: win7v20201028
Malware Config
Targets
- Executes dropped EXE
- Modifies Windows Firewall
- Drops startup file
- Loads dropped DLL
- Drops autorun.inf file: Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger