General
- Target: aa.exe
- Size: 3.5MB
- Sample: 210628-pc55lfb2dx
- MD5: 808e34a763acd79d01eeb1f54b18a551
- SHA1: df3f6e0f29d9d65a2afc401ab6938044f24c5506
- SHA256: 86aab09b278fe8e538d8cecd28f2d7a32fe413724d5ee52e2815a3267a988595
- SHA512: 9638d841bbbb059f6c6be89f3664ce68b4749585a523a776e51b6d591c6ccb60b6df3aa34d25bf8df7521f883b7e31108da64c1112ff3fd369945acc0885a31c

Static task: static1
Behavioral task: behavioral1
- Sample: aa.exe
- Resource: win7v20210410
Malware Config
Targets
- Modifies firewall policy service
- Downloads MZ/PE file
- Executes dropped EXE
- Sets file execution options in registry
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Adds Run key to start application
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext