General
- Target: 40ce55fc32e014af1a815b7b6cd456c5c2c345c002c1b93278f21c9a988df6c2.zip
- Size: 33KB
- Sample: 210727-99rnz4nd1e
- MD5: 45dd1854481f4d465211bb7fa027d7bd
- SHA1: d6fc66d50626fa983da98950629289b0ac9dfee4
- SHA256: 47b736864cf5b609cc262f95c9570d223c8c418a7b43d1eae35fdcfadc5614d1
- SHA512: 06921ad58649ad334ccb902b16cc94cf9175e9f8216592775adc033b84cfd68b267c2f685ea91489ebfbf81c6dd19d1287fe9cf819f6bde852e0634eff9fbf4f
Static task: static1

Behavioral task: behavioral1
- Sample: 40ce55fc32e014af1a815b7b6cd456c5c2c345c002c1b93278f21c9a988df6c2.exe
- Resource: win7v20210410

Behavioral task: behavioral2
- Sample: 40ce55fc32e014af1a815b7b6cd456c5c2c345c002c1b93278f21c9a988df6c2.exe
- Resource: win10v20210408
Malware Config

Targets
- Target: 40ce55fc32e014af1a815b7b6cd456c5c2c345c002c1b93278f21c9a988df6c2
- Size: 36KB
- MD5: 022af75a77f7ccd7aa5748f9e70ab38a
- SHA1: b5f6b5dedc23f6b763234079ca51dfd403e6c674
- SHA256: 40ce55fc32e014af1a815b7b6cd456c5c2c345c002c1b93278f21c9a988df6c2
- SHA512: 60d36a940794cffbce14e8526a8ae4fb05ecac38527059de37898582b4868876e1d9224bd2e6f723c903d9fc0580b94deebdab913023693506111d38c11098e1
Score: 10/10

Signatures
- Modifies WinLogon for persistence
- Suspicious use of NtCreateProcessExOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Adds policy Run key to start application
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Modifies WinLogon
- Program crash
- Suspicious use of SetThreadContext