General
Target: girlGirlBoys.jpg.dll
Size: 1.2MB
Sample: 210722-b91wyar1z2
MD5: 765dd6425582672e4c2cca5929598848
SHA1: 32284fcaeb0310f34a1b5fff46f4bd7e8e17251a
SHA256: 0cdd088afc4cb6d2f0d39b6b05c49398309baafb38309cbe89f222eaa2042f86
SHA512: 8349b824e6001b3cdc7f8d7fa332b2308c6a21c232f54c46bd537778e15214962a319478a790f0a0f5b640d25fb77e442bb92897c3a688fa7ebca496243711eb
Static task: static1
Behavioral task: behavioral1
Sample: girlGirlBoys.jpg.dll
Resource: win7v20210410
Behavioral task: behavioral2
Sample: girlGirlBoys.jpg.dll
Resource: win10v20210408
Malware Config
Targets
Target: girlGirlBoys.jpg.dll
Score: 10/10
Suspicious use of NtCreateUserProcessOtherParentProcess
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext