General
- Target: 320bb1efa1263c636702188cd97f68699aebbb88c2c2c92bf97a68e689fa6f89
- Size: 1.4MB
- Sample: 220127-zbj9baaabp
- MD5: 18202e554a88e92434931ac3b1891054
- SHA1: 80994eb64ee39ae7db97229d52f11c5ba405cf74
- SHA256: 320bb1efa1263c636702188cd97f68699aebbb88c2c2c92bf97a68e689fa6f89
- SHA512: dd136585a5e7e9703c55b8a5e896b3031cec0f4128a961a0210f8a7f4d8ffc4e0cf39e6834b6999903f0068b12e20766bf0488296eb1c0cd0a90f9fe3e9600af

Static task
- static1

Behavioral task
- behavioral1
  - Sample: 320bb1efa1263c636702188cd97f68699aebbb88c2c2c92bf97a68e689fa6f89.exe
  - Resource: win7-en-20211208

Behavioral task
- behavioral2
  - Sample: 320bb1efa1263c636702188cd97f68699aebbb88c2c2c92bf97a68e689fa6f89.exe
  - Resource: win10-en-20211208

Malware Config
- Extracted: metasploit
  - windows/download_exec
  - http://dazqc4f140wtl.cloudfront.net:80/ZZYO

Targets
- Target: 320bb1efa1263c636702188cd97f68699aebbb88c2c2c92bf97a68e689fa6f89
- Size: 1.4MB
- MD5: 18202e554a88e92434931ac3b1891054
- SHA1: 80994eb64ee39ae7db97229d52f11c5ba405cf74
- SHA256: 320bb1efa1263c636702188cd97f68699aebbb88c2c2c92bf97a68e689fa6f89
- SHA512: dd136585a5e7e9703c55b8a5e896b3031cec0f4128a961a0210f8a7f4d8ffc4e0cf39e6834b6999903f0068b12e20766bf0488296eb1c0cd0a90f9fe3e9600af
- MetaSploit: Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Sets DLL path for service in the registry
- Loads dropped DLL
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.