General
Target: daf29c624693210dcf0743b0e31c273d181936beb0d09c58660b5241efc737ef.zip
Size: 33KB
Sample: 210727-3bkxdst9xn
MD5: 80e72f35dc480d4e28cfbb0a2e682cc3
SHA1: 4e6378497c3b2deddcf50a1afd7e44c2689525a8
SHA256: 379a78c65d8e5e5b7e1f25917a5493ae623042dd9ca3f12b0b3ae4e3ca72f101
SHA512: aa741555464d68d9a9f93f508fa8edd1db517cbe44f0bf5ef22ab4b475ef9e2410f69b6aaed4fb19b7ec24edc63ac399e71d8c1db12cf99879771063f59218a8
Static task: static1
Behavioral task: behavioral1
  Sample: daf29c624693210dcf0743b0e31c273d181936beb0d09c58660b5241efc737ef.exe
  Resource: win7v20210410
Behavioral task: behavioral2
  Sample: daf29c624693210dcf0743b0e31c273d181936beb0d09c58660b5241efc737ef.exe
  Resource: win10v20210408
Malware Config
Targets
Target: daf29c624693210dcf0743b0e31c273d181936beb0d09c58660b5241efc737ef
Size: 36KB
MD5: 8ef0778cfb358be6b7d9b25104ad9e87
SHA1: 48fa290678c95010bcf198fdc2d4cb3d485b37c5
SHA256: daf29c624693210dcf0743b0e31c273d181936beb0d09c58660b5241efc737ef
SHA512: 1e49f8e39d3b6d2a3c346f69abc42a5e2b824674a953c4ec6997b8c54827c2c5dea31857ec7b04e60e965f337e0e52cc85acd1d279fbfe1813b84271e075c1f1
Score: 10/10
- Modifies WinLogon for persistence
- Suspicious use of NtCreateProcessExOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Adds policy Run key to start application
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Program crash
- Suspicious use of SetThreadContext