General
-
Target
fasdfdf-c622789sb.zip
-
Size
947KB
-
Sample
210625-h2tmt81p9x
-
MD5
e35924225d73ee3e1272c8d8311eac60
-
SHA1
b36e100553e72843c992e15c25f17be83cabac89
-
SHA256
9ca9f83803ab008fbedc3ce11690190720d5d700f40129be6187aec13084419f
-
SHA512
242712f20443b625c849aeffc9a50e25b7aa1acf6bc9a5d91c60ce44286a79b262e37e98b9e4d9cf82c2a10a4337d2eaba63e3b2d73f9d7386dd02b02cb485ab
Static task
static1
Behavioral task
behavioral1
Sample
_.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
_.exe
Resource
win10v20210408
Behavioral task
behavioral3
Sample
fasdfdf-c622789sb.vbs
Resource
win7v20210410
Behavioral task
behavioral4
Sample
fasdfdf-c622789sb.vbs
Resource
win10v20210408
Malware Config
Targets
-
-
Target
_
-
Size
2.0MB
-
MD5
9ca8a76d08dd6b3b6be67a170968fc23
-
SHA1
361552c19a71ffb6b467f29981984970435f2ac5
-
SHA256
ec17203876629f4b92a28863a91d09205cc8bc821dcd29b5e4bad35ca9d306af
-
SHA512
7522dbf7bccd9708660c6d5fdb36cfb0d06d3e846a2c65119623774163b16c203939d2820b345e259634c040a3b15974a3032f891933b52f5a62f97037df5a37
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
-
-
Target
fasdfdf-c622789sb.vbs
-
Size
8KB
-
MD5
102b99a1526857fb40dafee9b0f7b7dc
-
SHA1
a21304e8c5d20e867b9f55b079ad89d4c81e4fe8
-
SHA256
e0ad1addf863b85a4a3e51794a86f3a665eaa39de8ef9ac9b1a67023fdad6479
-
SHA512
7f13e29929cd48993a45c4faddd0ad97def49a2b86063cca3a45d2f7c56136001219afab7accf7c93c1b5c106a563a596f65946c762c987c9ffa9d10dc340f14
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-