General
- Target: 36104d9b7897c8b550a9fad9fe2f119e16d82fb028f682d39a73722822065bd3
- Size: 1.4MB
- Sample: 220127-yxnyyshfhr
- MD5: bfec415733961b718a05c9890f4a06a7
- SHA1: 292a6a024f5e7995b4ae1b37132f464bf65a914d
- SHA256: 36104d9b7897c8b550a9fad9fe2f119e16d82fb028f682d39a73722822065bd3
- SHA512: b332eb7eabeac58120e27bf7685b1d72cd0418ea8e97a4982f90cb9997b3e57ebc9b5407cb7b9eeb7b2673f3b12d6afe22cadd9068fb47f9fe3b1d76c0cb1d86
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 36104d9b7897c8b550a9fad9fe2f119e16d82fb028f682d39a73722822065bd3.exe
  - Resource: win7-en-20211208

Behavioral task
- behavioral2
  - Sample: 36104d9b7897c8b550a9fad9fe2f119e16d82fb028f682d39a73722822065bd3.exe
  - Resource: win10-en-20211208
Malware Config
- Extracted: metasploit
  - Payload: windows/download_exec
  - URL: http://dazqc4f140wtl.cloudfront.net:80/ZZYO
Targets
- Target: 36104d9b7897c8b550a9fad9fe2f119e16d82fb028f682d39a73722822065bd3
- Size: 1.4MB
- MD5: bfec415733961b718a05c9890f4a06a7
- SHA1: 292a6a024f5e7995b4ae1b37132f464bf65a914d
- SHA256: 36104d9b7897c8b550a9fad9fe2f119e16d82fb028f682d39a73722822065bd3
- SHA512: b332eb7eabeac58120e27bf7685b1d72cd0418ea8e97a4982f90cb9997b3e57ebc9b5407cb7b9eeb7b2673f3b12d6afe22cadd9068fb47f9fe3b1d76c0cb1d86
Signatures
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Blocklisted process makes network request
- Sets DLL path for service in the registry
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.