General
Target: 074ace0e95ce08c52a56514e0795a8137dc57c43197eedf7d06387670ca9ae51.exe
Size: 242KB
Sample: 210416-qf93e4jd22
MD5: c5d02a59e543e126359998b982e87d45
SHA1: e6960b254e0215493a29471949b1ff84b6da1b59
SHA256: 074ace0e95ce08c52a56514e0795a8137dc57c43197eedf7d06387670ca9ae51
SHA512: 6fc4f510ab3f13e0ab49d0b46b4b7a440de33b693ba6d20c6459dd59721363fbbda59975a51f78fa85d2f452fcc519595b83d80ae580c00ab75d80adbc214721
Static task: static1
Behavioral task: behavioral1
Sample: 074ace0e95ce08c52a56514e0795a8137dc57c43197eedf7d06387670ca9ae51.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 074ace0e95ce08c52a56514e0795a8137dc57c43197eedf7d06387670ca9ae51.exe
Resource: win10v20210408
Malware Config
Extracted
C:\Users\Admin\AppData\Roaming\!files-recovery.txt
http://silveoa6gm.temp.swtest.ru/gate.php?advertid=7&name=BAT847R6DTUBSX
Extracted
C:\Users\Public\Videos\Sample Videos\!files-recovery.txt
http://silveoa6gm.temp.swtest.ru/gate.php?advertid=7&name=RORLGF2TRYJKRN
Targets
Score: 10/10
Suspicious use of NtCreateProcessExOtherParentProcess
Executes dropped EXE
Adds Run key to start application
Drops desktop.ini file(s)