General
Target: 5291777385594880.zip
Size: 11KB
Sample: 210310-52ql7z75jn
MD5: 751b7eb00a64f0e0dd38954f3a798393
SHA1: cf5ee9e2f3cd957b871938c5e13e98280808f740
SHA256: 43667a87d79329f861a79287aab6bc4443f58d8b1222365e04cbe591f6ef5ff2
SHA512: b25f9dd0bb896be44314a5cfc59d88669360d9eb4291f599ba5e54fc33c741f8a9fe7c8db5bb9b69fe3a52d476e19e16dae164592ecf3786ffb13667eca3a310
Static task: static1
Behavioral task: behavioral1
Sample: f9498a2b0d6c38da6ad465a0135c5d20817bffeaf5ed09b9de8a7a22ec1ada58.pps
Resource: win7v20201028
Malware Config
Targets
Target: f9498a2b0d6c38da6ad465a0135c5d20817bffeaf5ed09b9de8a7a22ec1ada58
Size: 73KB
MD5: d9946cecf7fb73bc664217e318af6eeb
SHA1: d95ef8411af378d06dab649df35748775e4edfe7
SHA256: f9498a2b0d6c38da6ad465a0135c5d20817bffeaf5ed09b9de8a7a22ec1ada58
SHA512: 698ba3cd10fddb7f291b4983dbd0ee77774344fb1c5930dbb4a50d94b386792ab666284360c40447e451767e3d5ddd4d259ad0c3017005538a70f73e0dcf81fa
Score: 10/10
Contains code to disable Windows Defender
A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Adds Run key to start application

Drops file in System32 directory